In this article, I will show you how to configure the cluster quorum with Cloud witness using Windows Admin Center.
Windows Admin Center (WAC) is a flexible, locally-deployed, browser-based management platform, and solution. It contains core tools for troubleshooting, configuration, management, and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more…
Windows Admin Center is not only for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs, but it also lets you connect your Windows Server to Azure hybrid services whether they are running on-premises or in a different cloud provider. There are many more hybrid services for Windows Server, which you can leverage with Windows Admin Center.
- Azure Backup
- Azure File Sync
- Azure Network Adapter
- Azure Site Recovery
- Azure Security Center
- Azure ARC
- Azure Monitor
- And much more…
By deploying a Windows Server cluster or Azure Stack HCI cluster, you’re providing high availability for your workloads. These resources are considered highly available if the nodes that host resources are up; however, the cluster generally requires more than half the nodes to be running, which is known as having a quorum.
Quorum is designed to prevent split-brain scenarios which can happen when there is a partition in the network and subsets of nodes cannot communicate with each other. This can cause both subsets of nodes to try to own the workload and write to the same disk which can lead to numerous problems. However, this is prevented with Failover Clustering’s concept of quorum which forces only one of these groups of nodes to continue running, so only one of these groups will stay online.
To learn more about quorum, please check out the official documentation from Microsoft.
Configuring a witness resource is highly recommended for all clusters, and should be set up right after you create a cluster. Two-node clusters need a witness so that either server going offline does not cause the other node to become unavailable as well. Three and higher-node clusters need a witness to be able to withstand two servers failing or being offline.
You can either use an SMB file share as a witness or an Azure cloud witness. However, an Azure cloud witness is recommended, provided all server nodes in the cluster have a reliable internet connection.
To learn more about configuring File Share Witness, please check the following guide.
In this quick blog post, I will show you how to configure Cloud witness for Windows Server cluster or Azure Stack HCI cluster.
The prerequisites are very simple as follows:
- Make sure you are running Windows Admin Center (WAC) Version 2103 or later.
- Make sure you have an active Azure subscription. If you don’t have a subscription, you can create a free one here.
- Azure Stack HCI cluster or Windows Server cluster up and running (Minimum of 2 servers, maximum of 16 servers).
- Azure storage account – To create a general-purpose storage account, you can follow the instructions described here.
- An Azure cloud witness uses HTTPS (default port 443) to establish communication with the Azure blob service. Please make sure that the HTTPS port is accessible to your cluster.
Configure Cloud Witness
Assuming you have all the prerequisites in place, take now the following steps:
Ensure you’re logged into your Windows Admin Center instance, and then click on your Azure Stack HCI or Windows Server cluster.
You may be prompted for credentials, so log in with your credentials and then select the “Use these credentials for all connections” box. You should then be connected to your cluster.
After a few moments of verification, the cluster dashboard will open.
On the cluster dashboard, at the very bottom-left of the window, click on Settings as shown in the figure below.
In the Settings window, click on Witness, and under Witness type, use the drop-down to select Cloud witness as shown in the figure below.
Open a new tab in your browser, and navigate to the Azure Portal, and log in with your Azure credentials
You should already have a subscription and an Azure storage account created, but if not, you should review the prerequisites section, then come back here.
Once logged into the Azure portal, search for your storage account.
On the left-hand navigation, under Settings, click Access Keys. When you create an Azure Storage Account, it is associated with two Access Keys that are automatically generated – Primary Access key (Key1) and Secondary Access key (Key2).
There is no restriction regarding which key to use for Cloud Witness. Click on Show keys and take a copy of the Storage account name and key1 or Key2.
With all the information gathered, return to the Windows Admin Center and complete the form with your values, and then click Save.
Please note that the required Azure service endpoint for the Blob service is, core.windows.net.
Within a few moments, your witness settings should be successfully applied and you should see the Witness resource status as Online.
That’s it! you have completed configuring the quorum settings with Cloud witness for your cluster.
If you would like to set the quorum settings for your cluster with PowerShell. Then use the following cmdlet to configure the Cloud witness. Enter the storage account name and access key information as described in the previous section.
Set-ClusterQuorum –Cluster "Cluster1" -CloudWitness -AccountName "StorageAccountName" -AccessKey "StorageAccountAccessKey"
In this quick article, I showed you how easy it is to configure Cluster quorum with Cloud witness using Windows Admin Center.
Windows Admin Center is a freely available management tool for anyone to use and makes managing a set of servers with or without GUI remotely, very easy, especially for “day-to-day activities”. Download the latest copy of Windows Admin Center from here, deploy it in a failover cluster, and enjoy modern server management.
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.