Windows Server 2019: introduction to the news for the cluster environment

October is the month of the official release of the final version of Windows Server 2019. The new server operating system from Microsoft introduces, in different areas, important new features that let you get Hyper-converged infrastructure (HCI) more reliable and flexible. To achieve this in Windows Server 2019 the cluster solution introduces a number of changes that are documented in this article.

Cluster Sets

Cluster Sets is a new technology for scale-out cluster environment introduced in Windows Server 2019. With this feature, you can group multiple Failover Clusters into a single entity to achieve greater fluidity of virtual machines among different clusters. All this is especially useful for load balancing and for maintenance, such as the replacement of entire cluster, without impacting the execution of virtual machines. In terms of management you can govern all using a single namespace. Cluster Sets do not distort the normal operating principles of traditional cluster environment (Preffered Owner, Node Isolation, Load Balancing, etc.), but remain completely unchanged, adding benefits such as Azure-like Fault Domains and Availability Sets between different clusters.

Figure 1 – Cluster Sets overview

File share witness

In clustered environment you have the ability to configure as witness the "File Share Witness" option (FSW), for which the following innovations were introduced.

It blocked the use of share of type Distributed File System (DFS). Theuse of DFS share as a File Share Witness (FSW) has never been a supported configuration as it introduces potential instability in cluster. In Windows Server 2019 was introduced a logic capable of detecting whether a share uses DFS and if so Failover Cluster Manager blocks the creation of the witness, displaying an error message saying that it is an unsupported configuration.

Figure 2 – Error message trying to configure witness on DFS share

In order to use a configuration with FSW, before the introduction of Windows Server 2019, one of the requirements to be met was that the Windows Server system that hosted the share had to be joined to a domain, and part of the same Active Directory forest. This requirement was due to the fact that the Failover Cluster used the Kerberos Authentication with the Cluster Name Object (CNO) to authenticate and connect to the share. In Windows Server 2019 you can create a File Share Witness (FSW) without using the CNO, it simply uses a local account to connect to FSW. To use File Share Witness is no longer required Kerberos authentication, the Cluster Name Object and your Active Directory environment. It follows that extend the possible usage scenarios for FSW, and it is possible to contemplate the use of, for example, NAS appliance, Windows systems not joined to the domain, etc.

 

Move the cluster in a different domain

Changing the domain membership of a Failover Cluster has always been an operation that required the destruction and recreation of the environment, with an important impact in terms of time and in operations. In Windows Server 2019 there is a specific procedure to change the membership of a new Active Directory domain of the cluster nodes, with the introduction of two new PowerShell commands:

  • New-ClusterNameAccount: creates from Active Directory a Cluster Name Account
  • Remove-ClusterNameAccount: removes from Active Directory a Cluster Name Account

The procedure requires that the nodes are first configured in Workgroup and then put in join to the new Active Directory domain. During the migration activity is required a stop of hosted workloads from the cluster.

Figure 3 - Domain Migration steps of a cluster

 

Removing the dependency with NTLM authentication

Windows Server Failover Clusters no longer uses NTLM authentication in any way, but only uses Kerberos authentication and certificate-based authentication. All this in Windows Server 2019 is natively, without the need to do special configuration, allowing to reap the resulting benefits in terms of security.

 

Conclusions

In Windows Server 2019 important investments have been made to achieve an agile OS, suitable for hybrid scenarios, more secure and allows you to deploy Hyper-converged infrastructure with outstanding features in terms of scalability and performance. Innovations like that shown in clustered environment help to ensure a better development of companies, offering fundamentals elements to support the process of innovation and modernization of the datacenter.

Leave a Reply

Your email address will not be published. Required fields are marked *