search

What are 3 requirements that must be met in order to build a failover cluster using Windows Server 2023?

Ngày đăng: 06/01/2023
Trả lời: 0
Lượt xem: 177

You can create a failover cluster using Windows Server on Google Cloud Platform (GCP). A group of servers works together to provide higher availability (HA) for your Windows applications. If one cluster node fails, another node can take over running the software. You can configure the failover to happen automatically, which is the usual configuration, or you can manually trigger a failover.

Show

This tutorial assumes you are familiar with failover clustering, Active Directory (AD), and administration of Windows Server.

For a brief overview of networking in GCP, see GCP for Data Center Pros: Networking.

Architecture

This tutorial walks you through how to create an example failover cluster on Compute Engine. The example system contains the following two servers:

  • A primary Compute Engine VM instance running Windows Server 2016 in zone 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    1.
  • A second instance, configured to match the primary instance in zone 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    2.

Additionally, you deploy an AD domain contoller, which, for this tutorial, serves the following purposes:

  • Provides a Windows domain.
  • Resolves hostnames to IP addresses.
  • Hosts the file share witness that acts as a third "vote" to achieve the required quorum for the cluster.

You can create the domain controller in any zone. This tutorial uses zone 

gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
3. In a production system, you can host the file share witness elsewhere, and you don't need a separate AD system only to support your failover cluster. See What's next for links to articles about using AD on GCP.

The two servers that you will use to deploy the failover cluster are located in different zones to ensure that each server is on a different physical machine and to protect against the unlikely possibility of a zonal failure.

The following diagram describes the architecture you deploy by following this tutorial.

What are 3 requirements that must be met in order to build a failover cluster using Windows Server 2023?

Shared storage options

This tutorial does not cover setting up a file server for high-availability shared storage.

Google Cloud supports multiple shared storage solutions that you can use with Windows Server Failover Clustering, including:

  • SIOS Datakeeper Cluster Edition
  • Native Microsoft Windows options

For information about other possible shared storage solutions, see:

  • GCP Windows Partners
  • File servers on Compute Engine.

Understanding the network routing

When the cluster fails over, requests must go to the newly active node. The clustering technology normally handles routing by using address resolution protocol (ARP), which associates IP addresses with MAC addresses. In GCP, the Virtual Private Cloud (VPC) system uses software-defined networking, which doesn't leverage MAC addresses. This means the changes broadcast by ARP don't affect routing at all. To make routing work, the cluster requires some software-level help from the Internal Load Balancer.

Usually, internal load balancing distributes incoming network traffic among multiple backend instances that are internal to your VPC, to share the load. For failover clustering, you instead use internal load balancing to route all traffic to just one instance: the currently active cluster node. Here's how internal load balancing detects the correct node:

  • Each VM instance runs a Compute Engine agent instance that provides support for Windows failover clustering. The agent keeps track of the IP addresses for the VM instance.
  • The load balancer's frontend provides the IP address for incoming traffic to the application.
  • The load balancer's backend provides a health check. The health check process periodically pings the agent on each cluster node by using the fixed IP address of the VM instance through a particular port. The default port is 59998.
  • The health check includes the application's IP address as a payload in the request.
  • The agent compares the IP address in the request to the list of IP addresses for the host VM. If the agent finds a match, it responds with a value of 1. Otherwise, it responds with 0.
  • The load balancer marks any VM that passes the health check as healthy. At any moment, only one VM ever passes the health check because only one VM has the IP address for the workload.

What happens during a failover

When a failover happens in the cluster, the following changes take place:

  • Windows failover clustering changes the status of the active node to indicate that it has failed.
  • Failover clustering moves any cluster resources and roles from the failing node to the best node, as defined by the quorum. This action includes moving the associated IP addresses.
  • Failover clustering broadcasts ARP packets to notify hardware-based network routers that the IP addresses have moved. For this scenario, GCP networking ignores these packets.
  • After the move, the Compute Engine agent on the VM for the failing node changes its response to the health check from 1 to 0, because the VM no longer hosts the IP address specified in the request.
  • The Compute Engine agent on the VM for the newly active node likewise changes its response to the health check from 0 to 1.
  • The internal load balancer stops routing traffic to the failing node and instead routes traffic to the newly active node.

Putting it together

Now that you've reviewed some of the concepts, here are some details to notice about the architecture diagram:

  • The Compute Engine agent for the VM named 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4 is responding to the health check with the value 1, indicating it is the active cluster node. For 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    5, the response is 0.
  • The load balancer is routing requests to 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4, as indicated by the arrow.
  • The load balancer and 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4both have the IP address 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    8. For the load balancer, this is the specified frontend IP address. For the VM, it's the IP address of the application. The failover cluster sets this IP address on the currently active node.
  • The failover cluster and 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4 both have the IP address 
    gcloud compute firewall-rules list
    0. The VM has this IP address because it currently hosts the cluster resources.

Advice for following this tutorial

This tutorial has a lot of steps. Sometimes, you are asked to follow steps in external documents, such as Microsoft documentation. Don't miss the notes in this document providing specifics for following the external steps.

This tutorial uses Cloud Shell in the Google Cloud console. Though it's possible to use the Google Cloud console user interface or the gcloud CLI to set up failover clustering, this tutorial mainly uses Cloud Shell to make it easy for you. This approach helps you to complete the tutorial faster. When more appropriate, some steps use the Google Cloud console instead.

What are 3 requirements that must be met in order to build a failover cluster using Windows Server 2023?

It's a good idea to take snapshots of your Compute Engine persistent disks along the way. If something goes wrong, you can use a snapshot to avoid starting over from the beginning. This tutorial suggests good times to take the snapshots.

If you find that things aren't working as you expect, there might be instructions in the section you're reading. Otherwise, refer to the Troubleshooting section.

Objectives

  • Create a network.
  • Install Windows Server 2016 on two Compute Engine VMs.
  • Install and configure Active Directory on a third instance of Windows Server.
  • Set up the failover cluster, including a file share witness for the quorum and a role for the workload.
  • Set up the internal load balancer.
  • Test the failover operation to verify that the cluster is working.

Costs

This tutorial uses Compute Engine images that include Windows Server licenses. This means the cost to run this tutorial can be significant if you leave VMs running. It's a good idea to stop the VMs when you're not using them.

See the Pricing Calculator for an estimate of the costs to complete this tutorial.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.

    Go to project selector

  3. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  4. Enable the Compute Engine API.

    Enable the API

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.

    Go to project selector

  6. Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.

  7. Enable the Compute Engine API.

    Enable the API

  8. Start an instance of Cloud Shell.
    Go to Cloud Shell

Creating the network

Your cluster requires a custom network. Use VPC to create a custom network and one subnetwork by running 

gcloud compute firewall-rules list
1 commands in Cloud Shell.

  1. Create the network:

    gcloud compute networks create wsfcnet --subnet-mode custom

    The name of the network you created is 

    gcloud compute firewall-rules list
    2.

  2. Create a subnetwork. Replace 

    gcloud compute firewall-rules list
    3 with a nearby GCP region:

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16

    The name of the subnetwork you created is 

    gcloud compute firewall-rules list
    4.

Notice that the CIDR range for IP addresses in this subnetwork is 

gcloud compute firewall-rules list
5. This is an example range used for this tutorial. In production systems, work with your network administrators to allocate appropriate ranges for IP addresses for your systems.

Create firewall rules

By default, your network is closed to external traffic. You must open ports in the firewall to enable remote connections to the servers. Use 

gcloud compute firewall-rules list
1 commands in Cloud Shell to create the rules.

  1. For this tutorial, open port 3389 on the main network to enable RDP connections. In the following command, replace 

    gcloud compute firewall-rules list
    7 with the IP address of the computer you use to connect to your VM instances. In a production system, you can provide an IP address range or a series of addresses.

    gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]

  2. On the subnetwork, allow all protocols on all ports to enable the servers to communicate with each other. In production systems, consider opening only specific ports, as needed.

    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16

    Notice that the 

    gcloud compute firewall-rules list
    8 value matches the CIDR range you used to create the subnetwork.

  3. View your firewall rules:

    gcloud compute firewall-rules list

    You should see output similar to the following:

    NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False

Enabling failover clustering in Compute Engine

To enable failover clustering in the Compute Engine agent, you need to add the flag 

gcloud compute firewall-rules list
9 to your VM definitions either by specifying it as custom metadata for the VM or by creating a configuration file on each VM, as described in the Compute Engine documentation.

This tutorial defines the flag as custom metadata when the VMs are created, as described in the next section. The tutorial also relies on the default behavior for 

NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False
0 and 
NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False
1, so you don't need to set these values.

Creating the servers

Next, create the 3 servers. Use the 

gcloud compute firewall-rules list
1 command in Cloud Shell.

Create the first cluster-node server

Create a new Compute Engine instance. Configure the instance as follows:

  • Name the instance 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    5.
  • Set the 
    NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False
    4 flag to a convenient zone near you. For example, 
    NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False
    5.
  • Set the 
    NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False
    6 flag to 
    NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False
    7
  • Set the
    NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False
    8 flag to 
    NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False
    9.
  • Set the 
    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    0 flag to 
    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    1.
  • Set the
    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    2 flag to 
    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    3.
  • Set the 
    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    4 flag to enable IP forwarding.
  • Set the 
    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    5 flag to 
    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    6.
  • Set the network to 
    gcloud compute firewall-rules list
    2 and the subnetwork to 
    gcloud compute firewall-rules list
    4.
  • Use the 
    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    9 parameter to set 
    gcloud compute firewall-rules list
    9.

Run the following command, replacing 

gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
1 with the name of your first zone:

gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true

Create the second cluster-node server

For the second server, follow the same steps, except:

  • Set the instance name to: 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4.
  • Set the 
    NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False
    4 flag to a different zone than the zone that you used for the first server. For example, 
    gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
    4.
  • Set the 
    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    5 flag to 
    gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
    6.

Replace 

gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
7 with the name of your second zone:

gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true

Create the third server for Active Directory

For the domain controller, follow the same steps, except:

  • Set the instance name to: 
    gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
    8.
  • Set the 
    NAME              NETWORK  DIRECTION  PRIORITY  ALLOW            DENY  DISABLED
allow-all-subnet  wsfcnet  INGRESS    1000      all                    False
allow-rdp         wsfcnet  INGRESS    1000      tcp:3389               False
    4 flag to a different zone than the zones that you used for the other servers. For example, 
    gcloud compute instances create wsfc-dc --zone [YOUR_ZONE_3] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.6 --network wsfcnet --subnet wsfcnetsub1
    0.
  • Set the 
    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    5 flag to 
    gcloud compute instances create wsfc-dc --zone [YOUR_ZONE_3] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.6 --network wsfcnet --subnet wsfcnetsub1
    2.
  • Omit 
    gcloud compute instances create wsfc-dc --zone [YOUR_ZONE_3] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.6 --network wsfcnet --subnet wsfcnetsub1
    3.

Replace 

gcloud compute instances create wsfc-dc --zone [YOUR_ZONE_3] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.6 --network wsfcnet --subnet wsfcnetsub1
4 with the name of your zone:

gcloud compute instances create wsfc-dc --zone [YOUR_ZONE_3] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.6 --network wsfcnet --subnet wsfcnetsub1

View your instances

You can see the details about the instances you created.

gcloud compute instances list

You will see output similar to the following:

gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
0

Connecting to your VMs

To connect to a Windows-based VM, you must first generate a password for the VM. You can then connect to the VM using RDP.

Generating passwords

  1. In the Google Cloud console, go to the VM instances page.

    Go to VM instances

  2. Click the name of the VM instance for which you need a new password.

  3. On the instance details page, click the Set Windows Password button. A password is generated for you. Copy the password and store it in a secure place.

Connecting through RDP

The Compute Engine documentation provides details about how to connect to your Windows VM instances by using RDP. You can either:

  • Use an existing client.
  • Add a Chrome RDP plugin to your browser and then connect through the Google Cloud console.

Whenever this tutorial tells you to connect to a Windows instance, use your preferred RDP connection.

Configuring Windows networking

The internal IP addresses that you assigned when you created the VMs are static. To ensure that Windows treats the IP addresses as static, you need to add them, along with the IP addresses of the default gateway and the DNS server, to the Windows Server networking configuration.

Use RDP to connect to 

gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
5, 
gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
4, and 
gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
8, and repeat the following steps for each instance:

  1. In Server Manager, in the left pane, select Local Server.
  2. In the Ethernet entry of the Properties pane, click IPv4 address assigned by DHCP, IPv6 enabled.
  3. Right-click Ethernet and select Properties.
  4. Double-click Internet Protocol Version 4 (TCP/IPv4).
  5. Select Use the following IP address.

  6. Enter the internal IP address that you assigned to the VM when you created it.

    • For 
      gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
      5, enter "10.0.0.4".
    • For 
      gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
      4 enter "10.0.0.5".
    • For 
      gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
      8 enter "10.0.0.6".

  7. For Subnet mask, enter "255.255.0.0".

  8. For Default gateway, enter 

    gcloud compute instances list
    1, the IP address that was automatically reserved for the default gateway when you created the subnet 
    gcloud compute firewall-rules list
    4.

    The IP address for the default gateway is always the second address in the primary IP range for a subnet. See "Reserved IPv4 addresses" in Subnets overview.

  9. For 

    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    5 and 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4 only:

    1. Click Use the following DNS server addresses.

    2. For Preferred DNS server, enter "10.0.0.6".

  10. Close all the dialog boxes.

    You lose RDP connectivity because these changes reset the virtual network adapter for the VM instance.

  11. Close the RDP session and then reconnect to the instance. If a dialog box from the previous step is still open, close it.

  12. In the properties section for the local server, verify that the Ethernet setting reflects the local server IP address (

    gcloud compute instances create wsfc-1 --zone [YOUR_ZONE_1] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.4 --network wsfcnet --subnet wsfcnetsub1 --metadata enable-wsfc=true
    6, 
    gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
    6,or
    gcloud compute instances create wsfc-dc --zone [YOUR_ZONE_3] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.6 --network wsfcnet --subnet wsfcnetsub1
    2). If it doesn't, re-open the Internet Protocol Version 4 (TCP/IPv4) dialog box and update the setting.

This is a good time to take snapshots of 

gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
5 and 
gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
4.

Setting up Active Directory

Now, set up the domain controller.

  1. Use RDP to connect to the server named 
    gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
    8.
  2. Using the Windows Computer Management desktop app, set a password for the local Administrator account.
  3. Enable the local Administrator account.

  4. Follow the steps in the Microsoft instructions below to set up the domain controller, with these additional notes. You can use default values for most settings.

    • Select the DNS Server role check box. This step is not specified in the instructions.
    • Select the Restart the destination server automatically if required check box.
    • Promote the file server to a domain controller.
    • During the Add a new forest step, name your domain "WSFC.TEST".
    • Set the NetBIOS domain name to "WSFC" (the default).

    Microsoft instructions

This is a good time to take a snapshot of 

gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
8.

Create the domain user account

It can take some time for 

gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
8 to restart. Before joining servers to the domain, use RDP to sign in to 
gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
8 to validate that the domain controller is running.

You need a domain user that has administrator privileges for the cluster servers. Follow these steps:

  1. On the domain controller (
    gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
    8) click Start, and then type dsa to find and open the Active Directory Users and Computers app.
  2. Right-click WSFC.TEST, point to New, and then click User.
  3. For the Full name and the User logon name, enter 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    05.
  4. Click Next.
  5. Enter and confirm a password for the user. Select password options in the dialog box. For example, you can set the password to never expire.
  6. Confirm the settings and then click Finish.

  7. Make 

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    05 an administrator on 
    gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
    8:

    • Right-click 
      gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
      05 and select Add to a group.
    • Type Administrators, and click OK.

This tutorial uses the 

gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
09 account as an administrator account wherever such an account is required. In a production system, follow your usual security practices for allocating accounts and permissions. For more information, see Overview of Active Directory accounts needed by a failover cluster.

Join the servers to the domain

Add the two cluster-node servers to the 

gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
10 domain. Perform the following steps on each cluster-node server (
gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
5 and 
gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
4):

  1. In Server Manager > Local Server, in the Properties pane, click WORKGROUP.
  2. Click Change.
  3. Select Domain and then enter "WSFC.TEST".
  4. Click OK.
  5. Provide the credentials for 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    09 to join the domain.
  6. Click OK.
  7. Close the dialog boxes and follow the prompts to restart the server.

  8. In Server Manager, make 

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    05 an administrator on 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    5 and 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4. Alternatively, you can manage administrative privileges by using a group policy.

    • On the Tools menu, select Computer Management > Local Users and Groups > Groups > Administrators, and then click Add.
    • Enter "cluster-admin" and the click Check names.
    • Click OK.

This is a good point to take snapshots of all three VMs.

Setting up failover clustering

Reserve an IP address for the cluster in Compute Engine

When you create the failover cluster, you assign an IP address to create an administrative access point. In a production environment, you might use an IP address from a separate subnet. However, in this tutorial you reserve an IP address from the subnet you already created. Reserving the IP address prevents conflicts with other IP assignments.

  1. Open a terminal on a host VM or open Cloud Shell.

    Go to Cloud Shell

  2. Reserve an IP address. For this tutorial, use 

    gcloud compute firewall-rules list
    0:

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    1

  3. To confirm the reservation of the IP address:

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    2

Create the cluster

To create and configure the failover cluster:

  1. Use RDP to connect 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    5 and 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4.

  2. Follow the steps in the Microsoft instructions below, with these additional notes:

    • Install the Failover Clustering feature on 
      gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
      5 and 
      gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
      4. Don't install the Failover Clustering feature on 
      gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
      8.
    • Run the Failover Cluster Manager app as the domain user 
      gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
      09. Otherwise, you might encounter permissions issues. It's a good idea to always run Failover Cluster Manager this way or to connect to a server as 
      gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
      05 to ensure you have the required permissions.
    • Add 
      gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
      5 and 
      gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
      4 to the cluster as nodes.

    • When validating the configuration:

      • On the Testing Options​ page, select Run only tests I select​, ​and then click Next​.

      • On the Test Selection​ page, clear Storage because the Storage​ option will fail when running on Compute Engine (as it would for separate standalone physical servers).

        Common issues you might encounter during cluster validation include:

        • Only one network interface between replicas. You can ignore this one, because it doesn't apply in a cloud-based setup.
        • Windows Updates not the same on both replicas. If you configured your Windows instances to apply updates automatically, one of the nodes might have applied updates that the other hasn't downloaded yet. You should keep the servers in identical configurations.
        • Pending reboot. You've made changes to one of the servers, and it needs a reboot to apply. Don't ignore this one.
        • The servers do not all have the same domain role. You can ignore this one.
        • The servers are not all in the same Organizational Unit (OU). This tutorial doesn't use an OU at all, but in a production system consider putting your cluster in its own OU. The Microsoft instructions describe this best practice.
        • Unsigned drivers were found. You can ignore this one.

    • On the Summary page, you can select Create the cluster now using the validated nodes to continue on to create the cluster, rather than closing the wizard and reopening it.

    • In the Create Cluster Wizard, on the Access point page:

      • Name your cluster "testcluster".
      • In the Address field, enter the IP address that you reserved earlier, 
        gcloud compute firewall-rules list
        0.

    Microsoft instructions

Add the cluster administrator

Adding a domain account as an administrator for the cluster enables you to perform actions on the cluster from tools such as Windows PowerShell. Add the 

gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
05 domain account as a cluster admin.

  1. On the cluster node that hosts the cluster resources, in Failover Cluster Manager, select your cluster in the left pane and then click Properties in the right pane.
  2. Select the Cluster Permissions tab.
  3. Click Add and then add 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    05.
  4. With 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    05 selected in the Group or user names list, select Full Control in the Permissions pane.
  5. Click Apply and OK.

This is a good point to take snapshots.

Creating the file share witness

You have a two-node failover cluster, but the cluster uses a voting mechanism to decide which node should be active. To achieve a quorum, you can add a file share witness.

This tutorial simply adds a shared folder to the domain controller server. If this server were to go offline at the same time one of the cluster nodes is restarting, the entire cluster could stop working because the remaining server can't vote by itself. For this tutorial, the assumption is that the GCP infrastructure features, such as Live Migration and automatic restart, provide enough reliability to keep the shared folder alive.

If you want to create a more-highly-available file share witness, you have these options:

  • Use a cluster of Windows Servers to provide the share by using Storage Spaces Direct. This Windows Server 2016 feature can provide a highly available share for the quorum witness. For example, you could create a cluster for your Active Directory domain controller to provide both highly available domain services and provide the file share witness at the same time.
  • Use data replication software, such as SIOS Datakeeper, with Windows Failover Server Clustering for synchronous or asynchronous replication.

Follow these steps to create the file share for the witness:

  1. Connect to 
    gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
    8. This server hosts the file share.
  2. In Explorer, browse to the 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    32 drive.
  3. In the title bar, click the New Folder button.
  4. Name the new folder 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    33.
  5. Double-click the 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    33 folder to open it.
  6. Add a new folder and name it 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    35.

Configure sharing for the file share witness

You must set permissions on the file share witness folder to enable the cluster to use it.

  1. From Explorer, right-click the 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    35 folder and select Properties.
  2. On the Sharing tab, click Advanced Sharing.
  3. Select Share this folder.
  4. Click Permissions and then click Add.
  5. Click Object Types, select Computers, and then click OK.
  6. Add the machine account 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    37.
  7. Give Full Control permissions to 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    37.
  8. Click Apply and then close all the dialog boxes.

Add the file share witness to the failover cluster

Now, configure the failover cluster to use the file share witness as a quorum vote.

  1. On the computer that hosts the cluster resources (
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    5), open the Failover Cluster Manager.
  2. In the left pane, right-click the name of the cluster (testcluster.WSFC.TEST) then point to More Actions, and then click Configure Cluster Quorum Settings.
  3. On the Select Quorum Configuration Option panel, choose Select the quorum witness.
  4. On the Select Quorum Witness panel, choose Configure a file share witness.
  5. For the File Share Path, enter the path to the shared folder, such as 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    40.
  6. Confirm the settings and then click Finish.

Testing the failover cluster

Your Windows Server failover cluster should now be working. You can test manually moving cluster resources between your instances. You're not done yet, but this is a good checkpoint to validate that everything you've done so far is working.

  1. On 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    5, note the name of the Current Host Server in Failover Cluster Manager.
  2. Run Windows PowerShell as 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    05.

  3. In PowerShell, run the following command to change the current host server:

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    3

You should see the name of the current host server change to the other VM.

If this didn't work, review the previous steps and see if you missed anything. The most common issue is a missing firewall rule that is blocking access on the network. Refer to the Troubleshooting section for more issues to check.

Otherwise, you can now move on to setting up the internal load balancer, which is required in order to route network traffic to the current host server in the cluster.

This is a good time to take snapshots.

Adding a role to the failover cluster

In Windows failover clustering, roles host clustered workloads. You can use a role to specify in the cluster the IP address that your application uses. For this tutorial, you add a role for the test workload, which is the Internet Information Services (IIS) web server, and assign an IP address to the role.

Reserve an IP address for the role in Compute Engine

To prevent IP addressing conflicts within your subnet in Compute Engine, reserve the IP address for the role.

  1. Open a terminal on a host VM or open Cloud Shell.

    Go to Cloud Shell

  2. Reserve an IP address. For this tutorial, use 

    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    8:

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    4

  3. To confirm the reservation of the IP address:

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    2

Add the role

Follow these steps:

  1. In Failover Cluster Manager, in the Actions pane, select Configure Role.
  2. In the Select Role page, select Other Server.
  3. In the Client Access Point page, enter the name 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    44.
  4. Set the address to 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    8.
  5. Skip Select Storage and Select Resource Types.
  6. Confirm the settings and then click Finish.

What are 3 requirements that must be met in order to build a failover cluster using Windows Server 2023?

Creating the internal load balancer

Create and configure the internal load balancer, which is required in order to route network traffic to the active cluster host node. You will use the Google Cloud console, because the user interface gives you a good view into how internal load balancing is organized.

You will also create a Compute Engine instance group for each zone in the cluster, which the load balancer uses to manage the cluster nodes.

Create the instance groups

Create an instance group in each zone that contains a cluster node and then add each node to the instance group in its zone. Don't add the domain controller 

gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
8 to an instance group.

  1. Create an instance group for each zone in the cluster, replacing 

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    47 with the name of your first zone and 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    48 with the name of your second:

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    6
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    7

  2. Add the server in each zone to the instance group for that zone:

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    8
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    9

  3. Confirm that your instance groups were created and that each group contains one instance:

    gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]
    0
    gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]
    1

Create the load balancer

  1. In the Google Cloud console, go to the Load balancing page.

    Go to Load balancing

  2. Click Create Load Balancer.

  3. On the TCP Load Balancing card, click Start configuration.

  4. Select Only between my VMs and then click Continue.

  5. For Name, enter "wsfc-lb".

Don't click Create yet.

Configure the backend

Recall that the GCP internal load balancer uses a periodic health check to determine the active node. The health check pings the Compute Engine cluster host agent that is running on the active cluster node. The health check payload is the IP address of the application, which is represented by the clustered role. The agent responds with a value of 1 if the node is active or 0 if it is not.

  1. Click Backend configuration.
  2. Select your current region.
  3. Select 
    gcloud compute firewall-rules list
    2 for Network.
  4. Under Backends, add each instance group that you created by selecting its name and clicking Done.

  5. Create a health check.

    • For Name, enter "wsfc-hc".
    • Accept the default Protocol setting of TCP and change the Port to "59998" for cluster host agent responses.
    • For Request, enter "10.0.0.9".
    • For Response, enter "1".
    • For Check interval, enter "2".
    • For Timeout enter "1".
    • Click Save and continue.

Configure the frontend

The frontend configuration creates a forwarding rule that defines how the load balancer handles incoming requests. For this tutorial, to keep it simple, you will test the system by making requests between the VMs in the subnetwork.

In your production system, you probably want to open the system up to external traffic, such as Internet traffic. To do this, you can create a bastion host that accepts external traffic and forwards it to your internal network. Using a bastion host is not covered in this tutorial.

  1. In the center pane, click Frontend configuration.
  2. For Name, enter "wsfc-lb-fe".
  3. Select your subnetwork (
    gcloud compute firewall-rules list
    4).
  4. For Internal IP, select load-balancer-ip (10.0.0.9). This is the same IP address that you set for the role.
  5. For Ports, enter "80".
  6. Click Done.

Review and finalize

  1. To see a summary of the internal load balancer settings, in the center pane, click Review and finalize. The summary appears in the right pane.

  2. Click Create. It takes a moment to create the load balancer.

    What are 3 requirements that must be met in order to build a failover cluster using Windows Server 2023?

Create firewall rules for the health check

You might have noticed that the Google Cloud console notified you that the health-check system would require a firewall rule to enable the health checks to reach their targets. In this section, you set up the firewall rule.

Note: The documentation about setting up an internal load balancer instructs you to create a firewall rule for the load balancer itself. For this tutorial, this is not needed because you already created a rule that allows all traffic between nodes on the subnet, and the load balancer is operating within this CIDR range and using only allowed ports.

  1. In the Google Cloud console, go to the Cloud Shell.

    Go to Cloud Shell

  2. Run the following command to create the firewall rule:

    gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]
    2

Open the Windows Firewall

On each cluster node, 

gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
5 and 
gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
4, create a firewall rule in the Windows firewall to allow the load balancer to access each Windows system.

  1. Open the Windows Firewall with Advanced Security app.

  2. In the left navigation pane, select Inbound Rules.

  3. In the right navigation pane, select New Rule.

  4. On the Rule Type panel, select Custom as the rule type and click Next.

  5. On the Program panel, accept the default and click Next.

  6. On the Protocol and Ports panel:

    1. In the Protocol type: field, select TCP.
    2. In the Local port: field, select Specific Ports and enter 
      gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
      53.

  7. On the Scope panel, under Which remote IP addresses does this rule apply to:

    1. Select These IP addresses:.

    2. Add each of the following IP address to the This IP address or subnet field by clicking Add:

      • gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
        54
      • gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
        55

    3. Click Next.

  8. On the Action panel, accept Allow the connection and click Next.

  9. On the Profile panel, accept the defaults and click Next.

  10. Specify a name for the firewall rule and click Finish.

Validating the load balancer

After your internal load balancer is running, you can inspect its status to validate that it can find a healthy instance, and then test failover again.

  1. In the Google Cloud console, go to the Load balancing page.

    Go to Load balancing

  2. Click the name of the load balancer (

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    56).

    In the Backend section of the summary, you should see the instance groups listed.

    In the following image from the details page of the 

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    56 load balancer, instance group 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    58 contains the active node, as indicated by 1 / 1 in the Healthy column. Instance group 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    59 contains the inactive node, as indicated by 0 / 1.

    What are 3 requirements that must be met in order to build a failover cluster using Windows Server 2023?

    If both instance groups show 0 / 1, the load balancer might still be syncing with the nodes. Sometimes, you need to do at least one failover action to get the load balancer to find the IP address.

  3. In Failover Cluster Manager, expand the cluster name and click on Roles. In the Owner Node column, note the server name for the IIS role.

  4. Start a failover by right-clicking the IIS role and selecting Move > Best Possible Node. This action moves the role to the other node, as shown in the Owner Node column.

    What are 3 requirements that must be met in order to build a failover cluster using Windows Server 2023?

  5. Wait until the Status shows Running.

  6. Return to the Load balancer details page, click Refresh, and verify that the 1 / 1 and 0 / 1 values in the Healthy column have switched instance groups.

    What are 3 requirements that must be met in order to build a failover cluster using Windows Server 2023?

Tip: You can use the gcloud CLI to check which instance is healthy, where 
gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
60 is your region:
gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]
3

The output looks like the following:

gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]
4

Installing your application

Now that you have a cluster, you can set up your application on each node and configure it for running in a clustered environment.

For this tutorial, you need to set up something that can demonstrate that the cluster is really working with the internal load balancer. Set up IIS on each VM to serve a simple web page.

You're not setting up IIS for HA in the cluster. You are creating separate IIS instances that each serve a different web page. After a failover, the web server serves its own content, not shared content.

Setting up your application or IIS for HA is beyond the scope of this tutorial.

Set up IIS

  1. On each cluster node, install IIS.

    • On the Select role services page, be sure that Default Document is selected under Common HTTP Features.
    • On the Confirmation page, select the checkbox that enables automatic restarting of the destination server.

  2. Validate that each web server is working.

    1. Use RDP to connect to the VM named 
      gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
      8.
    2. In Server Manager, click Local Server in the navigation pane on the left side of the window.
    3. in the Properties section at the top, turn off IE Enhanced Security Configuration.
    4. Open Internet Explorer.

    5. Browse to the IP address of each server:

      gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]
      5
      gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]
      6

In each case, you see the Welcome page, which is the default IIS web page.

Edit the default web pages

Change each default web page so you can easily see which server is currently serving the page.

  1. Use RDP to connect to the VM named 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    5.
  2. Run Notepad as administrator.
  3. Open 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    63 in Notepad. Remember to browse for All Files, not just text files.

  4. In the 

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    64 element, change the text to the name of the current server. For example:

    gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]
    7

  5. Save the HTML file.

  6. Repeat these steps for 

    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4, setting the 
    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    64 element to 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4.

Now, when you view a web page served from one of these servers, the name of the server appears as the title in the Internet Explorer tab.

Test the failover

  1. Use RDP to connect to the VM named 
    gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
    8.
  2. Open Internet Explorer.

  3. Browse to the IP address of the load balancer role:

    gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]
    8

    You see the Welcome page with the name of the current server displayed in the tab title.

  4. Stop the current server to simulate a failure. In Cloud Shell, run the following command, replacing 

    gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
    69 with the name of the current server you saw in the previous step, such as 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    5:

    gcloud compute firewall-rules create allow-rdp --network wsfcnet --allow tcp:3389 --source-ranges [YOUR_IPv4_ADDRESS]
    9

  5. Switch to your RDP connection to 

    gcloud compute instances create wsfc-2 --zone [YOUR_ZONE_2] --machine-type n1-standard-2 --image-project windows-cloud --image-family windows-2016 --scopes https://www.googleapis.com/auth/compute --can-ip-forward --private-network-ip 10.0.0.5 --network wsfcnet --subnet wsfcnetsub1  --metadata enable-wsfc=true
    8.

    It can take a few moments for the load balancer to detect the move and reroute the traffic.

  6. After 30 seconds or so, refresh the page in Internet Explorer.

    You should now see the name of the new active node displayed in the tab title. For example, if you started with 

    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    5 active, you now see 
    gcloud compute firewall-rules create allow-all-subnet --network wsfcnet --allow all --source-ranges 10.0.0.0/16
    4 in the title. If you don't see the change right away or see a page-not-found error, refresh the browser again.

Congratulations! You now have a working Windows Server 2016 failover cluster running on GCP.

Troubleshooting

Here are some common issues you can check if things aren't working.

GCP firewall rules blocks health check

If the health check isn't working, double-check that you have a firewall rule to enable incoming traffic from the IP addresses that the health check system uses: 

gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
54and 
gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
55.

Windows Firewall blocks health check

Make sure port 59998 is open in Windows Firewall on each cluster node. See Open the Windows Firewall.

Cluster nodes using DHCP

It's important that each VM in the cluster has a static IP address. If a VM is configured to use DHCP in Windows, change the networking settings in Windows to make the IPv4 address match the IP address of the VM as shown in the Google Cloud console. Also set the gateway IP address to match the address of the subnetwork gateway in the GCP VPC.

GCP network tags in firewall rules

If you use network tags in your firewall rules, be sure the correct tags are set on every VM instance. This tutorial doesn't use tags, but if you've set them for some other reason, they must be used consistently.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used in this tutorial, either delete the project that contains the resources, or keep the project and delete the individual resources.

After you finish the tutorial, you can clean up the resources that you created so that they stop using quota and incurring charges. The following sections describe how to delete or turn off these resources.

Deleting the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

    Caution: Deleting a project has the following effects:
    • Everything in the project is deleted. If you used an existing project for this tutorial, when you delete it, you also delete any other work you've done in the project.
    • Custom project IDs are lost. When you created this project, you might have created a custom project ID that you want to use in the future. To preserve the URLs that use the project ID, such as an 
      gcloud compute networks subnets create wsfcnetsub1 --network wsfcnet --region [YOUR_REGION] --range 10.0.0.0/16
      76 URL, delete selected resources inside the project instead of deleting the whole project.

    If you plan to explore multiple tutorials and quickstarts, reusing projects can help you avoid exceeding project quota limits.

  1. In the Google Cloud console, go to the Manage resources page.

    Go to Manage resources

  2. In the project list, select the project that you want to delete, and then click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

Cleaning up resources without deleting the project

If you need to keep your project, you can clean up the tutorial resources by deleting them individually.

What are requirements of Failover Clustering?

Windows Failover Cluster requirements.
Windows Server should be able to ping the DNS and NTP servers..
Appropriate admin credentials should be set up with access for creation of Windows Failover Cluster Computer Object..
RDM Disks added to the Windows Servers should be accessible by all the servers in the cluster..

What are 3 requirements that must be met in order to build a failover cluster using Windows Server 2016?

All servers must use the same version of Windows Server 2016. All servers must be joined to an Active Directory domain. All servers must use identical hardware components.

What are the infrastructure and software requirements for a failover cluster?

It's required that the multipath I/O (MPIO) software be identical and that the Device Specific Module (DSM) software be identical. It's recommended that the mass-storage device controllers— the host bus adapter (HBA), HBA drivers, and HBA firmware—that are attached to cluster storage be identical.

What are the major components that you must configure before deploy a failover cluster?

Before you install a SQL Server failover cluster, you must select the hardware and the operating system on which SQL Server will run. You must also configure Windows Server Failover Clustering (WSFC) and review network, security, and considerations for other software that will run on your failover cluster.

Hyper-V Failover cluster Cluster shared volume

Bài Viết Liên Quan

Lợi dụng chức vụ quyền hạn là gì năm 2024
Lợi dụng chức vụ quyền hạn là gì năm 2024

là ai Hỏi Đáp Là gì
Không có bạn thân cảm giác như thế nào năm 2024
Không có bạn thân cảm giác như thế nào năm 2024

mẹo hay Hỏi Đáp Thế nào
Giò sống tiếng anh là gì năm 2024
Giò sống tiếng anh là gì năm 2024

là ai Hỏi Đáp Là gì Học Tốt Tiếng anh Pork Paste Vietnamese pork paste
Dienbien.gov.vn mẫu thiết kế dự toán 2023-2023 năm 2024
Dienbien.gov.vn mẫu thiết kế dự toán 2023-2023 năm 2024

mẹo hay
Kết quả của quá trình phong hóa hóa học năm 2024
Kết quả của quá trình phong hóa hóa học năm 2024

mẹo hay Học Tốt Học
Khô miệng rát lưỡi là bệnh gì năm 2024
Khô miệng rát lưỡi là bệnh gì năm 2024

là ai
Nước mỹ nằm ở khu vực nào trên thế giới năm 2024
Nước mỹ nằm ở khu vực nào trên thế giới năm 2024

mẹo hay
Cám cho gà hãng nào an toàn tôt nhất năm 2024
Cám cho gà hãng nào an toàn tôt nhất năm 2024

mẹo hay
Cách sử dụng honeybush skin care jelly như thế nào năm 2024
Cách sử dụng honeybush skin care jelly như thế nào năm 2024

mẹo hay Hỏi Đáp Thế nào Mẹo Hay Cách
Lực lượng chức năng tiếng anh là gì năm 2024
Lực lượng chức năng tiếng anh là gì năm 2024

là ai Hỏi Đáp Là gì Học Tốt Tiếng anh
Thị kính là thấu kính gì năm 2024
Thị kính là thấu kính gì năm 2024

là ai
Bài giảng về mục đích học tập của học sinh năm 2024
Bài giảng về mục đích học tập của học sinh năm 2024

mẹo hay Học Tốt Học
Giải bài tập toán lớp 9 bài 27 trang 58 năm 2024
Giải bài tập toán lớp 9 bài 27 trang 58 năm 2024

mẹo hay Khỏe Đẹp Bài tập
Ăn như thế nào để vào con không vào mẹ năm 2024
Ăn như thế nào để vào con không vào mẹ năm 2024

mẹo hay Hỏi Đáp Thế nào
Top 10 business schools in uk for mba năm 2024
Top 10 business schools in uk for mba năm 2024

mẹo hay Top List Top Top MBA UK Lancaster mba Durham mba fee Durham university mba Imperial mba apply London Business School
Làm thế nào để trở thành một sale giỏi năm 2024
Làm thế nào để trở thành một sale giỏi năm 2024

mẹo hay Hỏi Đáp Thế nào
Kim thu sét tiếng anh là gì năm 2024
Kim thu sét tiếng anh là gì năm 2024

là ai Hỏi Đáp Là gì Học Tốt Tiếng anh Lightning rod Lightning arrester Lightning conductor Lightning protection system
Cốc cốc bị lỗi không mở được trên máy tính năm 2024
Cốc cốc bị lỗi không mở được trên máy tính năm 2024

mẹo hay Công Nghệ Máy tính Máy Tải Cốc Cốc
Trái tim đen trên facebook là gì năm 2024
Trái tim đen trên facebook là gì năm 2024

là ai Hỏi Đáp Là gì Công Nghệ Facebook 🖤 là gì
Lỗi sketchup bug spat sau khi cài vray 3.6 năm 2024
Lỗi sketchup bug spat sau khi cài vray 3.6 năm 2024

mẹo hay

Quảng Cáo

Có thể bạn quan tâm

Mỗi lần thanh toán trục tuyến của viettinbankhết bao nhiêu năm 2024
23 giờ trước . bởi StatutoryBonding
Ct tnhh là gì ct cp là gi năm 2024
1 ngày trước . bởi SubduedMayhem
Văn 9 miêu tả trong vb tự sự năm 2024
1 ngày trước . bởi EasyFerocity
02 phan văn đáng phường thạnh mỹ lợi năm 2024
1 ngày trước . bởi TranquilRefrigerator
Chẳng có gì gọi là đúng người sai thời điểm năm 2024
1 ngày trước . bởi DisappointingWiring
Sữa rửa mặt cetaphil 250ml giá bao nhiêu năm 2024
1 ngày trước . bởi RareDemonstration
Giờ trái đất 2023 tiết kiệm được bao nhiêu tphcm năm 2024
1 ngày trước . bởi StylizedMadness
Có thể thu khí oxi vào bình bằng cách nào năm 2024
1 ngày trước . bởi Man-madePerusal
Mạng máy tính là gì mạng internet là gì năm 2024
1 ngày trước . bởi TragicHandshake
How to win top easy dragon ball final stand năm 2024
1 ngày trước . bởi UnfocusedCounselor

Toplist được quan tâm

#1
Top 5 đáp án sách giáo dục địa phương lớp 6 2023
5 tháng trước
#2
Top 9 ý nghĩa nhan đề của bài thơ quê hương 2023
5 tháng trước
#3
Top 6 thủy thủ mặt trăng pha lê tập 27 thuyết minh 2023
5 tháng trước
#4
Top 8 trong một nhóm a, theo chiều tăng của điện tích hạt nhân thì 2023
5 tháng trước
#5
Top 8 de thi học kì 2 lớp 12 môn toán có đáp an trắc nghiệm file word 2022 2023
5 tháng trước
#6
Top 7 chuyện tình nàng trinh nữ tên thi ý nghĩa 2023
5 tháng trước
#7
Top 3 lương y dương thị minh chữa bệnh tiểu đường 2023
5 tháng trước
#8
Top 2 nồi chiên không dầu 2good s20 điện máy xanh 2023
5 tháng trước
#9
Top 9 trẻ sơ sinh bị đỏ mắt chảy ghèn 2023
5 tháng trước

Quảng cáo

Xem Nhiều

Phần mềm hỗ trợ soạn thảo văn bản năm 2024
1 tuần trước . bởi CapitalisticContents
Dấu hiệu viêm lộ tuyến là gì năm 2024
6 ngày trước . bởi SurprisingAccommodation
Bài tập unit 1 tiếng anh 9 thí điểm năm 2024
3 ngày trước . bởi GrowingCountryman
Năm trăm đồng năm 1985 mua được bao nhiêu vàng năm 2024
1 tuần trước . bởi CopiousObserver
De thi đại học môn toán khối d năm 2008 năm 2024
1 tuần trước . bởi AutumnalContentment
Thay đèn xe máy hết bao nhiêu tiền năm 2024
1 tuần trước . bởi CunningHeadquarters
261 lê văn lương p.tân quy q7 năm 2024
1 tuần trước . bởi FleeingBeginner
Sân bóng đá trường chu văn an rộng bao nhiêu năm 2024
3 ngày trước . bởi AdjustableSelf-respect
Gối chống trào ngược tiếng anh là gì năm 2024
6 giờ trước . bởi ComicNursery
Có bao nhiêu chuối đã qu tay các mẹ năm 2024
5 ngày trước . bởi AutomatedExamination

Quảng cáo

Chúng tôi

Điều khoản

Trợ giúp

Mạng xã hội

DMCA.com Protection Status
Bản quyền © 2021 lutrader.com Inc.