Date post: 15-Jan-2015
Category: Technology
Upload: microsoft-technet-belgium-and-luxembourg
Didier Van Hoye
HANDS ON WITH HYPER-V CLUSTERING MAINTENANCE MODE & CLUSTER AWARE UPDATING
DIDIER VAN HOYE
Technical Architect – FGIA
Microsoft MVP & MEET Member
http://workinghardinit.wordpress.com
@workinghardinit
PAUSING & RESUMING CLUSTER NODES
• PAUSE A NODE AND CHOOSE TO DRAIN THE ROLES OR NOT
• RESUME A NODE AND CHOOSE TO FAILBACK THE ROLES OR NOT
VIRTUAL MACHINE PRIORITIES
• DEFAULT PRIORITY: MEDIUM
• DEFAULT MOVE BEHAVIOR: LOW & BELOW ARE QUICK MIGRATED
• DEFINED BY CLUSTER PARAMETER “MOVETYPETHRESHOLD” WHICH DEFAULTS TO 2000 (MEDIUM)
VIRTUAL MACHINE PRIORITIES
3000 = HIGH
2000 = MEDIUM
1000 = LOW
0 = VIRTUAL MACHINE DOES NOT RESTART AUTOMATICALLY
Get-ClusterResourceType "Virtual Machine" | Set-ClusterParameter MoveTypeThreshold 1000
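The drain behaviour described on these slides, as an added PowerShell example that is not part of the original deck: it reads MoveTypeThreshold, predicts whether each VM role on a node will be live or quick migrated, then pauses the node with a drain and resumes it with failback. The node name HV-NODE1 is a hypothetical placeholder, and the FailoverClusters module is assumed to be installed.

```powershell
# Added example, not from the original deck.
Import-Module FailoverClusters

$nodeName = 'HV-NODE1'   # hypothetical node name

# Cluster-wide threshold: VMs with a priority at or above it are live migrated,
# VMs below it are quick migrated (saved, moved, resumed) during a drain.
$threshold = (Get-ClusterResourceType 'Virtual Machine' |
    Get-ClusterParameter -Name MoveTypeThreshold).Value

$priorityName = @{ 3000 = 'High'; 2000 = 'Medium'; 1000 = 'Low'; 0 = 'No Auto Start' }

# Predict what a drain will do to each VM role currently owned by the node.
Get-ClusterGroup |
    Where-Object { $_.GroupType -eq 'VirtualMachine' -and $_.OwnerNode.Name -eq $nodeName } |
    Sort-Object Priority -Descending |
    Select-Object Name,
        @{ n = 'Priority'; e = { $priorityName[[int]$_.Priority] } },
        @{ n = 'MoveType'; e = { if ($_.Priority -ge $threshold) { 'Live' } else { 'Quick' } } } |
    Format-Table -AutoSize

# Pause the node and drain its roles; -Wait blocks until the drain has finished.
Suspend-ClusterNode -Name $nodeName -Drain -Wait

# ... maintenance on the paused node happens here ...

# Resume the node and fail the drained roles back right away.
Resume-ClusterNode -Name $nodeName -Failback Immediate
```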
UNINTENDED CONSEQUENCES
• VMS WITH LOWER PRIORITIES THAN THE MEMORY HOG ARE PUT INTO SAVED STATUS
• THE MEMORY HOG VM STARTS BUT FAILS AS THERE ARE NOT ENOUGH RESOURCES FREED UP
THE AFTERMATH
• THE “NO AUTO RESTART” VM STAYS IN SAVED STATUS
• THE “LOW” PRIORITY VM STARTS UP AGAIN
CLUSTER AWARE UPDATING (CAU)
• UPDATE ORCHESTRATION ACROSS ALL NODES IN A CLUSTER
  • CAU SHIPS IN BOX WITH WINDOWS SERVER 2012
  • NOT REINVENTING WINDOWS UPDATES & PATCHING
  • PREVIEWS, APPLIES AND REPORTS ON UPDATES FOR A CLUSTER
• TWO MODES: SELF-UPDATING & REMOTE-UPDATING
  • SELF-UPDATING: WORKLOAD REDUCTION THROUGH INCREASED AUTOMATION, UPDATING ITSELF IS RESILIENT
  • REMOTE-UPDATING: SCENARIOS WHERE CLOSER ADMINISTRATOR ATTENTION IS PREFERRED OR WARRANTED
• EXTENSIBLE
  • INTEGRATE WITH YOUR PATCHING TOOLS WITH PLUG-INS (API)
  • TWO INBOX PLUG-INS: WINDOWS UPDATE & HOTFIX PLUG-IN
  • PER-NODE PRE-UPDATE AND POST-UPDATE SCRIPTS
WHERE DOES CAU FIT IN?
Windows Update Services
PLUG-INS & SUPPORTED UPDATE TYPES
CAU SHIPS WITH TWO PLUG-INS
1. WINDOWS UPDATE
   1. INSTALLS GDRS* FROM WINDOWS UPDATE OR WSUS
2. HOTFIX PLUG-IN
   1. INSTALLS QFES** FROM AN SMB 3.0 FILE SHARE
   2. 3RD PARTY UPDATES SUCH AS BIOS & FIRMWARE UPDATES FROM AN SMB 3.0 FILE SHARE
*GDR = General Distribution Release
**QFE = Quick Fix Engineering (nickname for hotfix)
WINDOWS SERVER 2012 CLUSTER AWARE UPDATING
[Diagram: Jenny, Cluster Admin & Orchestrator (RSAT); Windows Server 2012 Hyper-V Cluster (Node 1, Node 2, ... Node 64); Dedicated WSUS Server; Windows Server 2012 File Server (SMB 3.0); Microsoft Update Services]
CLUSTER AWARE UPDATING PROCESS
1. SCANS, DOWNLOADS AND INSTALLS APPLICABLE UPDATES ON EACH NODE
   • WINDOWS UPDATE OR HOTFIX PLUGIN OR BOTH
2. RESTARTS NODE AS NECESSARY
3. ONE NODE AT A TIME
4. REPEATS FOR ALL CLUSTER NODES
5. CUSTOMIZE PRE- & POST-UPDATE BEHAVIOR WITH PS SCRIPTS
6. EASY MANUAL OR SCHEDULED LAUNCH
   • VIA GUI
   • POWERSHELL
   • WORKS FOR BOTH PHYSICAL OR VIRTUALIZED CLUSTERS
[Diagram: Jenny Starts Updating Run ("Apply updates on this cluster"); CAU works through the Windows Server failover cluster, Node 1 ... Node 64: Pause Node & Drain VMs; Windows Update, WSUS, QFE, ...; Resume Node & Failback VMs]
SELF-UPDATING MODE
• Leverages a CAU cluster role that is resilient to planned and unplanned failures
• Requires no real-time user attention
• Installs updates on a custom schedule
• CAU Update Coordinator process runs on a clustered node
[Diagram: Failover Cluster (Node 1, Node 2, Node 3, Node 4) with the Update Coordinator]
REMOTE-UPDATING MODE
• CAU Update Coordinator process remotely connects to the cluster
• User-initiated Updating Run, allowing real time monitoring
• Rich progress updates
• Minimal Server Core (no .Net or PS dependency) on nodes
[Diagram: CAU Update Coordinator; Failover Cluster (Node 1, Node 2, Node 3, Node 4)]
HOTFIXES FOLDER STRUCTURE & SECURITY
• STRICT ACL CHECKING (OPTIONAL)
• KERBEROS MUTUAL AUTHENTICATION (REQUIRED)
• DATA INTEGRITY CHECKING (REQUIRED)
  • SMB SIGNING OR SMB ENCRYPTION
• PRIVACY WITH SMB ENCRYPTION (OPTIONAL)
  • SMB ENCRYPTION IS NEW IN WINDOWS SERVER 2012

CAU Hotfix Root Folder
  CAUHotfix_All (Hotfixes applicable to all nodes)
    MySwUpdateType (Special software updates)
  <Node Name 1> (Hotfixes applicable just to <Node Name 1>)
    MySwUpdateType (Special software updates)
  . . .
  <Node Name N> (Hotfixes applicable just to <Node Name N>)
    MySwUpdateType (Special software updates)

Hotfix Config File
  Extension Rules: <MSU> <MSI> <MSP>
  Folder Rules: <MySwUpdateType>
“HOTFIX” SUPPORT INTERNALS
• RICH/EXTENSIBLE HOTFIX INSTALLATION
• MICROSOFT QFES, OR THIRD-PARTY DRIVER UPDATES, OR EVEN FIRMWARE/BIOS UPDATES…
• SELECT HOTFIX BEHAVIOR AT START. TWO KEY INPUTS:
1. ROOT FOLDER: ON AN SMB FILE SHARE
2. CONFIGURATION XML FILE: DEFINES THE RULES
   \SYSTEM32\WINDOWSPOWERSHELL\V1.0\MODULES\CLUSTERAWAREUPDATING\DEFAULTHOTFIXCONFIG.XML
• CONFIGURATION RULES ARE THE KEY TO FLEXIBILITY
• EASY TO SPECIFY NEW RULES
• HOTFIX INSTALLER NAME, INSTALL OPTIONS, REBOOT BEHAVIOR, RETURN VALUES ETC.
NTFS PERMISSIONS CAU FILE SHARE
FIRST YOU’LL NEED TO DO YOUR HOMEWORK AS DESCRIBED IN THE TECHNET ARTICLE, BUT THAT DOESN’T QUITE COVER IT.
ADJUST NTFS PERMISSIONS ON THE CAU SHARE
• GIVE .\USERS OR THE CLUSTER NODE COMPUTER ACCOUNTS (OR AN AD GROUP CONTAINING THEM, WHICH MAKES FOR EASIER ADMINISTRATION) READ/EXECUTE PERMISSION TO THE LOCATION
• IF NOT => THEY CAN’T RUN THE DUPS.
NTFS PERMISSIONS LOG FILE
DUPS ALLOWS LOGGING WITH /L SWITCH
LOCALLY (PER NODE) OR TO CENTRAL SHARE
MUST USE ANOTHER SHARE THAN THE CAU SHARE:
• NEED TO GIVE THE COMPUTER ACCOUNTS (OR AN AD GROUP CONTAINING THEM, WHICH MAKES FOR EASIER ADMINISTRATION) WRITE PERMISSION TO THE LOCATION
• YOU’RE NOT ALLOWED TO DO THAT FOR OTHER THAN SPECIFIC ACCOUNTS AS DESCRIBED ON TECHNET
THE LOG CAN GROW QUITE LARGE IF USED A LOT
• KEEP AN EYE ON IT
• FOR CLARITY’S SAKE USE A DIFFERENT LOG PER CLUSTER OR FOLDER TYPE
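A pre-flight check for the permission rules on the two slides above, as an added example that is not part of the original deck: it walks the hotfix root folder and reports every account holding write-type NTFS rights that strict ACL checking would reject, which is also why the log needs its own share. The share path is hypothetical, and the allow-list of SIDs is an assumption taken from the TechNet CAU requirements; verify it against that article.

```powershell
# Added example, not from the original deck. The share path is hypothetical.
$hotfixRoot = '\\FS01\CAUHotfixRoot'

# SIDs that may hold write-type rights on the hotfix root (assumption: list as
# given in the TechNet CAU requirements article; verify it there).
$allowedWriters = @{
    'S-1-5-18'     = 'SYSTEM'
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-3-0'      = 'CREATOR OWNER'
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' = 'TrustedInstaller'
}

# Write-type bits, plus GENERIC_WRITE and GENERIC_ALL, which appear as raw
# values on inherit-only ACEs and are not named in the FileSystemRights enum.
$writeBits = [int]([System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000

function Get-UnexpectedWriter {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # The root itself plus every subfolder (CAUHotfix_All, per-node folders, ...).
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Directory)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs so the comparison does not depend on localized names.
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $rule.IdentityReference.Value
            $grantsWrite = ([int]$rule.FileSystemRights -band $writeBits) -ne 0
            if ($rule.AccessControlType -eq 'Allow' -and $grantsWrite -and
                -not $allowedWriters.ContainsKey($sid)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Sid       = $sid
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-UnexpectedWriter -Path $hotfixRoot)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "$($findings.Count) write-capable ACE(s) outside the allow-list."
} else {
    Write-Output 'No unexpected write access found on the hotfix root.'
}
```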
CAU HOTFIX PLUG-IN IN ACTION
REFERENCE MATERIALS
• CLUSTER-AWARE UPDATING OVERVIEW
  HTTP://TECHNET.MICROSOFT.COM/EN-US/LIBRARY/HH831694.ASPX
• CLUSTER-AWARE UPDATING CMDLETS IN WINDOWS POWERSHELL
  HTTP://TECHNET.MICROSOFT.COM/EN-US/LIBRARY/HH847221.ASPX
• STARTING WITH CLUSTER-AWARE UPDATING: SELF-UPDATING
  HTTP://BLOGS.TECHNET.COM/B/FILECAB/ARCHIVE/2012/05/17/STARTING-WITH-CLUSTER-AWARE-UPDATING-SELF-UPDATING.ASPX
• UPDATE DELL SERVERS WITH MICROSOFT WINDOWS SERVER 2012 CLUSTER AWARE UPDATE BY INTEGRATING SUU/DUP
  HTTP://EN.COMMUNITY.DELL.COM/TECHCENTER/EXTRAS/M/WHITE_PAPERS/20217029.ASPX