How to extend Azure Service Fabric to on-premise?

You can deploy a Service Fabric cluster on any physical or virtual machine running the Windows Server operating system, including ones residing in your on-premises datacenters. You use the standalone Windows Server package available for download from the Azure online documentation website (see here).

To deploy an on-premises Service Fabric cluster, perform the following steps:

  1. Plan for your cluster infrastructure. You must consider the resiliency of the hardware and network components and the physical security of their location because in this scenario, you can no longer rely on the resiliency and security features built in to the Azure platform.
  2. Prepare the Windows Server computer to satisfy the prerequisites. Each computer must be running Windows Server 2012 or Windows Server 2012 R2, have at least 2 GB of RAM, and have the Microsoft .NET Framework 4.5.1 or later. Additionally, ensure that the Remote Registry service is running.
  3. Determine the initial cluster size. At a minimum, the cluster must have three nodes, with one node per physical or virtual machine. Adjust the number of nodes according to your projected workload.
  4. Determine the number of fault domains and upgrade domains. The assignment of fault domains should reflect the underlying physical infrastructure and the level of its resiliency to a single component failure. Typically, you consider a single physical rack to constitute a single fault domain. The assignment of upgrade domains should reflect the number of nodes that you plan to take down during application or cluster upgrades.
  5. Download the Service Fabric standalone package for Windows Server.
  6. Define the cluster configuration. Specify the cluster settings before provisioning. To do this, modify the ClusterConfig.json file included in the Service Fabric standalone package for Windows Server. The file has several sections, including:
    o    NodeTypes. NodeTypes allow you to divide cluster nodes into groups represented by a node types and assign common properties to the nodes within each group. These properties specify endpoint ports, placement constraints, or capacities.
    o    Nodes. Nodes determine the settings of individual cluster nodes, such as the node name, IP address, fault domain, or upgrade domain.
  7. Run the create cluster script. After you modify the ClusterConfig.json file to match your requirements and preferences, run the CreateServiceFabricCluster.ps1 Windows PowerShell script and reference the .json file as its parameter. You can run the script on any computer with connectivity to all the cluster nodes.
  8. Connect to the cluster. To manage the cluster, connect to it via http://IP_Address_of_a_node:19080/Explorer/index.htm, where IP_Address_of_a_node is the IP address of any of the cluster nodes.

 

Cheers,

Marcos Nogueira
azurecentric.com
Twitter: @mdnoga

Virtualizing Your Data Center with Hyper-V and System Center

Free online event with live Q&A: http://aka.ms/virtDC

Wednesday, February 19th from 9am – 5pm PST

If you’re new to virtualization, or if you have some experience and want to see the latest R2 features of Windows Server 2012 Hyper-V or Virtual Machine Manager, join us for a day of free online training with live Q&A to get all your questions answered. Learn how to build your infrastructure from the ground up on the Microsoft stack, using System Center to provide powerful management capabilities. Microsoft virtualization experts Symon Perriman and Matt McSpirit (who are also VMware Certified Professionals) demonstrate how you can help your business consolidate workloads and improve server utilization, while reducing costs. Learn the differences between the platforms, and explore how System Center can be used to manage a multi-hypervisor environment, looking at VMware vSphere 5.5 management, monitoring, automation, and migration. Even if you cannot attend the live event, register today anyway and you will get an email once we release the videos for on-demand replay! 

Topics include

Introduction to Microsoft Virtualization

Host Configuration

Virtual Machine Clustering and Resiliency

Virtual Machine Configuration

Virtual Machine Mobility

Virtual Machine Replication and Protection

Network Virtualization

Virtual Machine and Service Templates

Private Clouds and User Roles

System Center 2012 R2 Data Center

Virtualization with the Hybrid Cloud

VMware Management, Integration, and Migration

Register here: http://aka.ms/virtDC

Also check out the www.MicrosoftVirtualAcademy.com for other free training and live events.

Cluster Shared Volumes (CSV) errors on Hyper-V Cluster

In a failover cluster, virtual machines can use Cluster Shared Volumes that are on the same LUN (disk), while still being able to fail over (or move from node to node) independently of one another. Virtual machines can use a Cluster Shared Volume only when communication between the cluster nodes and the volume is functioning correctly, including network connectivity, access, drivers, and other factors.

You probably didn’t notice any issues with your VMs, but If you are getting the following events on your Hyper-V Cluster nodes, regarding the CSV volume:

Warning – Disk 153

“The description for Event ID 153 from source disk cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

The following information was included with the event:

DeviceHarddisk5DR5

the message resource is present but the message is not found in the string/message table

Information – Microsoft-Windows-FailoverClustering 5121

“The description for Event ID 5121 from source Microsoft-Windows-FailoverClustering cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Volume2

Cluster Disk 2 – Volume2

Error – Microsoft-Windows-FailoverClustering 5120

“The description for Event ID 5120 from source Microsoft-Windows-FailoverClustering cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Volume1

Cluster Disk 1 – Volume1

STATUS_DEVICE_BUSY(80000011)

That means there has been an interruption to communication between a cluster node and a volume in Cluster Shared Volumes. This interruption may be short enough that it is not noticeable, or long enough that it interferes with services and applications using the volume

How to resolve it

CSV – Review events related to communication with the volume

To perform the following procedure, you must be a member of the local Administrators group on each clustered server, and the account you use must be a domain account, or you must have been delegated the equivalent authority.

To open Event Viewer and view events related to failover clustering:

1. If Server Manager is not already open, click Start, click Administrative Tools, and then click Server Manager. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

2. In the console tree, expand Diagnostics, expand Event Viewer, expand Windows Logs, and then click System.

3. To filter the events so that only events with a Source of FailoverClustering are shown, in the Actions pane, click Filter Current Log. On the Filter tab, in the Event sources box, select FailoverClustering. Select other options as appropriate, and then click OK.

4. To sort the displayed events by date and time, in the center pane, click the Date and Time column heading.

CSV – Check storage and network configuration

To perform the following procedures, you must be a member of the local Administrators group on each clustered server, and the account you use must be a domain account, or you must have been delegated the equivalent authority.

Gathering information about the condition and configuration of a disk in Cluster Shared Volumes

To gather information about the condition and configuration of a disk in Cluster Shared Volumes:

1. Scan appropriate event logs for errors that are related to the disk.

2. Review information available in the interface for the storage and if needed, contact the vendor for information about the storage.

3. To open the failover cluster snap-in, click Start, click Administrative Tools, and then click Failover Cluster Manager. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

4. In the Failover Cluster Manager snap-in, expand the console tree and click Cluster Shared Volumes. In the center pane, expand the listing for the volume that you are gathering information about. View the status of the volume.

5. Still in the center pane, to prepare for testing a disk in Cluster Shared Volumes, right-click the disk, click Take this resource offline, and then if prompted, confirm your choice. Repeat this action for any other disks that you want to test.

6. Right-click the cluster containing the Cluster Shared Volumes, and then click Validate This Cluster.

7. On the Testing Options page, select Run only tests I select.

8. On the Test Selection page, clear the check boxes for System Configuration and Network. This leaves the tests for Cluster Configuration, Inventory, and Storage. You can run all these tests, or you can select only the specific tests that appear relevant to your situation.

NOTE: If you run the Storage tests you will have downtime in your Cluster. Not recommend if you are troubleshooting on a production environment.

9. Follow the instructions in the wizard to run the tests.

10. On the Summary page, click View Report.

11. Under Results by Category, click Storage, click any test that is not labelled as Success, and then view the results.

12. Scroll back to the top of the report, and under Results by Category, click Cluster Configuration, and then click List Cluster Network Information. Confirm that any network that you intend for communication between nodes and Cluster Shared Volumes is labelled either Internal use or Internal and client use. Confirm that other networks (for example, networks used only for iSCSI and not for cluster network communication) do not have these labels.

13. If the information in the report shows that one or more networks are not configured correctly, return to the Failover Cluster Manager snap-in and expand Networks. Right-click the network that you want to modify, click Properties, and then make sure that the settings for Allow the cluster to use this network and Allow clients to connect through this network are configured as intended.

14. To bring disks back online, click Cluster Shared Volumes and, in the center pane, right-click a disk, and then click Bring this resource online. Repeat this action for any other disks that you want to bring online again.

Verifying settings for a network designated for network communication with Cluster Shared Volumes

To verify settings for a network designated for network communication with Cluster Shared Volumes:

1. Click Start, click Control Panel, click Network and Internet, and then click Network and Sharing Center.

2. In the Tasks pane, click Change adapter settings.

3. Right-click the connection you want, and then click Properties.

4. Make sure that the following check boxes are selected:

  • Client for Microsoft Networks
  • File and Printer Sharing for Microsoft Networks

Verifying that the required NTLM authentication is allowed

1. On a node in the cluster, to see the security policies that are in effect locally, click Start, click Administrative Tools, and then click Local Security Policy.

2. Navigate to Security SettingsLocal PoliciesSecurity Options.

3. In the center pane, click the Policy heading to sort the policies alphabetically.

4. Review Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication and the items that follow it. If items related to “server exceptions” are marked Disabled, or other items have specific settings, a policy may be in place that is interfering with NTLM authentication on this server. If this is the case, contact an appropriate administrator (for example, your administrator for Active Directory or security) to ensure that NTLM authentication is allowed for cluster nodes that are using Cluster Shared Volumes.

Opening Event Viewer and viewing events related to failover clustering

To open Event Viewer and view events related to failover clustering:

1. If Server Manager is not already open, click Start, click Administrative Tools, and then click Server Manager. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

2. In the console tree, expand Diagnostics, expand Event Viewer, expand Windows Logs, and then click System.

3. To filter the events so that only events with a Source of FailoverClustering are shown, in the Actions pane, click Filter Current Log. On the Filter tab, in the Event sources box, select FailoverClustering. Select other options as appropriate, and then click OK.

4. To sort the displayed events by date and time, in the center pane, click the Date and Time column heading.

Finding more information about the error codes that some event messages contain

To find more information about the error codes that some event messages contain:

1. View the event, and note the error code.

2. Look up more information about the error code in one of two ways:

NET HELPMSG errorcode

How to verify it

Confirm that the Cluster Shared Volume can come online. If there have been recent problems with writing to the volume, it can be appropriate to monitor event logs and monitor the function of the corresponding clustered virtual machine, to confirm that the problems have been resolved.

To perform the following procedures, you must be a member of the local Administrators group on each clustered server, and the account you use must be a domain account, or you must have been delegated the equivalent authority.

Confirming that a Cluster Shared Volume can come online

To confirm that a Cluster Shared Volume can come online:

1. To open the failover cluster snap-in, click Start, click Administrative Tools, and then click Failover Cluster Manager. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

2. In the Failover Cluster Manager snap-in, if the cluster you want to manage is not displayed, in the console tree, right-click Failover Cluster Manager, click Manage a Cluster, and then select or specify the cluster that you want.

3. If the console tree is collapsed, expand the tree under the cluster you want to manage, and then click Cluster Shared Volumes.

4. In the center pane, expand the listing for the volume that you are verifying. View the status of the volume.

5. If a volume is offline, to bring it online, right-click the volume and then click Bring this resource online.

Using a Windows PowerShell command to check the status of a resource in a failover cluster

To use a Windows PowerShell command to check the status of a resource in a failover cluster:

1. On a node in the cluster, click Start, point to Administrative Tools, and then click Windows PowerShell Modules. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

2. Type: Get-ClusterSharedVolume

If you run the preceding command without specifying a resource name, status is displayed for all Cluster Shared Volumes in the cluster.

Integration between Hyper-V Network Virtualization and Windows Server Gateway

One of features on Windows Server 2012 R2 that was improved since the last version is network virtualization. Virtual networks are created by using Hyper-V Network Virtualization, which is a technology that was introduced in Windows Server 2012.

In Windows Server 2012 R2 have now a service that help enable datacenters and clouds networks traffic been routed between virtual and physical networks, including the Internet. The service responsible for routing all the traffic is Windows Server Gateway. Windows Server Gateway is a vm-based software router that is able to route network traffic effectively between different datacenters or between datacenters and cloud.

How it works

Hyper-V Network Virtualization provides the concept of a virtual machine (VM) network that is independent of the underlying physical network. With this concept of VM networks, which are composed of one or more virtual subnets, the exact physical location of an IP subnet is decoupled from the virtual network topology. As a result, organizations can easily move their subnets to the cloud while preserving their existing IP addresses and topology in the cloud. This ability to preserve infrastructure allows existing services to continue to work, unaware of the physical location of the subnets. That is, Hyper-V Network Virtualization enables a seamless hybrid cloud.

In both private and hybrid cloud environments using Windows Server 2012, however, it was difficult to provide connectivity between VMs on the virtual network and resources on physical networks at local and remote sites, creating a circumstance where virtual subnets were islands separated from the rest of the network.

In Windows Server 2012 R2, Windows Server Gateway routes network traffic between the physical network and VM network resources, regardless of where the resources are located. You can use Windows Server Gateway to route network traffic between physical and virtual networks at the same physical location or at many different physical locations.

One example is, if you have both a physical network and a virtual network at the same physical location, you can deploy a server running Hyper-V that is configured with a Windows Server Gateway VM to act as a forwarding gateway and route traffic between the virtual and physical networks.

Another example is, if your virtual networks exist in the cloud, your cloud can deploy a Windows Server Gateway so that you can create a virtual private network (VPN) site-to-site connection between your VPN server and the cloud’s Windows Server Gateway; when this link is established you can connect to your virtual resources in the cloud over the VPN connection.

Integration between Hyper-V Network Virtualization and Windows Server Gateway

Windows Server Gateway is integrated with Hyper-V Network Virtualization, and is able to route network traffic effectively in circumstances where there are many different tenants – who have isolated virtual networks in the same datacenter.

Multi-tenancy is the ability of a cloud infrastructure to support the virtual machine workloads of multiple tenants, but isolate them from each other, while all of the workloads run on the same infrastructure. The multiple workloads of an individual tenant can interconnect and be managed remotely, but these systems do not interconnect with the workloads of other tenants, nor can other tenants remotely manage them.

How to use

There are different way that you can use Windows Server Gateway in your organization. It will depend what is overall solution that you want to achieve. You can use Windows Server Gateway in this situation:

  • Windows Server Gateway as a forwarding gateway for private cloud environments
  • Windows Server Gateway as a site-to-site VPN gateway for hybrid cloud environments
  • Multitenant Network Address Translation (NAT) for VM Internet access
  • Multitenant remote access VPN connections

Windows Server Gateway as a forwarding gateway for private cloud environments

For Enterprises that deploy an on-premises private cloud, Windows Server Gateway can act as a forwarding gateway and route traffic between virtual networks and the physical network.

If you have created virtual networks for one or more of your clouds, but many of your key resources (such as Active Directory Domain Services, SharePoint, or DNS) are on your physical network, Windows Server Gateway can route traffic between the virtual network and the physical network to provide users working on the virtual network with all of the services that they need.

In the illustration below, the physical and virtual networks are at the same physical location. Windows Server Gateway is used to route traffic between the physical network and virtual networks.

clip_image001

Windows Server Gateway as a site-to-site VPN gateway for hybrid cloud environments

If your infrastructure is a hybrid cloud, Windows Server Gateway provides a multitenant gateway solution that allows your tenants to access and manage their resources over site-to-site VPN connections from remote sites, and that allows network traffic flow between virtual resources in your datacenter and their physical network.

In the illustration below, a Cloud Service Provider (example Azure) provides datacenter network access to multiple tenants, some of whom have multiple sites across the Internet. In this example, tenants use third party VPN servers at their corporate sites, while the CSP uses Windows Server Gateway for the site-to-site VPN connections.

clip_image002

Multitenant Network Address Translation (NAT) for VM Internet access

In the illustration below, a home user running a Web browser on their computer makes a purchase on the Internet from a Contoso Web server that is a VM on the Contoso Virtual Network. During the purchasing process, the Web app verifies the credit card information provided by the home user by connecting to a Financial Services company on the Internet. This ability to connect from the virtual network to Internet resources is provided when NAT is enabled on the CSP Windows Server Gateway.

clip_image003

Multitenant remote access VPN connections

In the illustration below, Administrators use VPN dial-in connections to administer VMs on their corporate virtual networks. The Administrator from Contoso initiates the VPN connection from an Internet-enabled branch office, and connects through the CSP Windows Server Gateway to the Contoso Virtual Network.

Similarly, the Northwind Traders Administrator establishes a VPN connection from a residence office to manage VMs on the Northwind Traders Virtual Network.

clip_image004

MPIO on Hyper-V Server

On the previous version of Windows Server (prior Windows Server 2012) you have to download and install MultiPath I/O (MPIO). Since Windows Server 2012 MPIO is a feature that you can enable. Because it’s a feature that comes with the server, means that you will have the PowerShell cmdlets available.

Use of the MPIO module in Windows PowerShell requires an “elevated” PowerShell window, opened with Administrator privileges.

How to do it

 

Installing MPIO using the GUI

If you have Hyper-V Servers, you don’t have GUI on the server, but you can do it remotely from other server or from you RSAT installed on Windows 8.1, using the Server Manager Console. Just follow the steps.

1. Open Server Manager Console

2. Browse the Hyper-V Server that you want to enable the MPIO. To do that click on All Servers and then click on the Hyper-V Server.

image

3. Right-Click on the Hyper-V Server and click on Add Roles and Features

4. Click 4 times Next (to go to features windows)

image

5. On the Select features window, select Multipath I/O and click next.

image

6. Click Install to enable the feature.

Installing and Managing MPIO using PowerShell

Enable or Disable the MPIO Feature

If the MPIO feature is not currently installed, use the following command to enable the MPIO feature:

Enable-WindowsOptionalFeature –Online –FeatureName MultiPathIO

clip_image007

To disable the MPIO feature, use the following command

Disable-WindowsOptionalFeature –Online –FeatureName MultiPathIO

Listing commands available in the MPIO module

The commands available in the MPIO module can be listed using get-command as shown below

clip_image009

Full help and example content for the MPIO module is available via the following method:

  • In PowerShell, after importing the MPIO module or using any MPIO cmdlet, updated help can be downloaded from the internet by running the following command:
    • Update-Help

Tips and Tricks

Configuring MPIO using PowerShell

If these steps are performed prior to connecting devices of the desired BusType, you can typically avoid the need for a restart.

  • Install the MPIO feature on a new Windows Server 2012 installation.
  • Configure MPIO to automatically claim all iSCSI devices.
  • Configure the default Load Balance policy for Round Robin.
  • Set the Windows Disk timeout to 60 seconds.

Here is what this script would look like:

# Enable the MPIO Feature

Enable-WindowsOptionalFeature –Online –FeatureName MultiPathIO

# Enable automatic claiming of ISCSI devices for MPIO

Enable-MSDSMAutomaticClaim -BusType iSCSI

# Set the default load balance policy of all newly claimed devices to Round Robin

Set-MSDSMGlobalLoadBalancePolicy -Policy RR

# Set the Windows Disk timeout to 60 seconds

Set-MPIOSetting -NewDiskTimeout 60