Today I will provide a short checklist of what I do after I have configured a Microsoft Failover Cluster.
I need to say, this blog post is inspired by some consultants who think they are so gifted with fucking awesomeness that they can install a (mal)functioning Hyper-V Cluster incl. System Center Virtual Machine Manager with all components and Software Defined Network in only 6 hours in total, and don't even know what a VLAN or IP subnet is.
So then, let us start.
We are now at the point where you have successfully installed your failover cluster.
- You need to configure the cluster quorum and witness for your cluster. I suggest you use the same witness type as the storage you use. So if you use SMB file-based storage, you should use a fileshare witness or, with Server 2016, an Azure Witness. If you use block storage, you should use a disk witness on the storage that hosts your LUNs. Mixing different types of storage and witness in a cluster can sometimes cause trouble. Best practice is to use a disk witness if possible. When you are using a fileshare witness, never open the fileshare on a host within your cluster or on a virtual machine which is running on the cluster. That could probably result in some issues or even a split-brain issue during maintenance or failure scenarios.
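- After you have configured the quorum, you should configure the communication of your cluster heartbeat. For that you can use the following small script.

  ```powershell
  # Cluster Network: prefer the cluster network over the management network.
  $Cluster = "<your cluster network name>"
  $MGM = "<your management network name>"

  # Setting a metric manually turns AutoMetric off for that network.
  (Get-ClusterNetwork "$Cluster").Metric = 100
  (Get-ClusterNetwork "$MGM").Metric = 300

  # Show the resulting metrics for all cluster networks.
  Get-ClusterNetwork | Format-Table Name, Metric, AutoMetric -AutoSize
  ```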
- Configure the firewalls of your cluster nodes. DO NOT DISABLE THE FIREWALL, configure it as needed for your service. The first reason why you shouldn't disable the firewall is that you lose a security layer and open the gates for attacks from within the network. The second is that some Windows services and applications may not function correctly with the firewall disabled.
- Afterwards you need to configure the Active Directory Organizational Unit delegation so that the cluster service can create and change objects within Active Directory. That is needed to set up Cluster-Aware Updating or to create new cluster roles. See: Delegation of Cluster Machine Accounts with Active Directory
- If you need or wish to configure Kerberos constrained delegation, now is the point to do so for your cluster.
- Configure Cluster-Aware Updating for your cluster. See: Starting with Cluster-Aware Updating: Self-Updating
- Configure your backup
- Run failover tests for all cluster nodes, cluster roles and services, and test your backup and the recovery.
- Last but not least: DOCUMENTATION. Document what you have done, so that your coworkers can also see how awesome you are 😉
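
For the firewall step in the checklist above, a read-only audit that reports, per cluster node, any disabled firewall profile and any disabled inbound rule in the clustering rule group. This is an added example, not part of the original post; the cluster name is a placeholder, and the rule group name `Failover Clusters` is an assumption that holds for English-language installs with the Failover Clustering feature.

```powershell
# Added example: audit Windows Firewall state on every node of a failover cluster.
# Requires the FailoverClusters module locally and PowerShell remoting to the nodes.
$ClusterName = '<your cluster name>'   # placeholder, replace with your cluster
$RuleGroup   = 'Failover Clusters'     # assumption: display group name on English installs

$nodes = (Get-ClusterNode -Cluster $ClusterName).Name

$report = Invoke-Command -ComputerName $nodes -ArgumentList $RuleGroup -ScriptBlock {
    param($RuleGroup)

    # A profile that is not enabled means the firewall is off for that network type.
    $disabledProfiles = @(Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' })

    # Rules that ship with the Failover Clustering feature.
    $rules = @(Get-NetFirewallRule -DisplayGroup $RuleGroup -ErrorAction SilentlyContinue)

    # Inbound cluster rules that were switched off instead of being scoped properly.
    $disabledRules = @($rules |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -ne 'True' })

    [pscustomobject]@{
        Node                 = $env:COMPUTERNAME
        DisabledProfiles     = ($disabledProfiles.Name -join ', ')
        ClusterRulesFound    = $rules.Count
        DisabledInboundRules = ($disabledRules.DisplayName -join ', ')
    }
}

$report | Sort-Object Node |
    Format-Table Node, DisabledProfiles, ClusterRulesFound, DisabledInboundRules -AutoSize -Wrap

# Flag nodes that need attention: firewall off, rule group missing, or rules disabled.
$findings = @($report | Where-Object {
    $_.DisabledProfiles -or $_.ClusterRulesFound -eq 0 -or $_.DisabledInboundRules
})

if ($findings.Count -gt 0) {
    Write-Warning ("Firewall review needed on: " + ($findings.Node -join ', '))
} else {
    Write-Output 'All nodes: firewall profiles enabled and inbound cluster rules active.'
}
```

The script changes nothing on the nodes; its table output can go straight into the documentation step.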
I hope that helps you a bit in your daily work.