部署故障转移群集云见证Deploy a Cloud Witness for a Failover Cluster

适用于:适用于:Windows Server(半年通道)、Windows Server 2016Applies to: Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016

云见证是一种新的 Windows Server 2016 未引入故障转移群集仲裁见证。Cloud Witness is a new type of Failover Cluster quorum witness being introduced in Windows Server 2016. 本主题提供概述云见证功能、方案的支持它,以及有关如何配置云见证故障转移群集运行 Windows Server 2016 的说明进行操作。This topic provides an overview of the Cloud Witness feature, the scenarios that it supports, and instructions about how to configure a cloud witness for a Failover Cluster that is running Windows Server 2016.

云见证概述Cloud Witness overview

1 图所示多站点拉伸故障转移群集仲裁配置与 Windows Server 2016。Figure 1 illustrates a multi-site stretched Failover Cluster quorum configuration with Windows Server 2016. 在此示例配置(图 1)中,在 2 数据中心(也称为站点)中有 2 个节点。In this example configuration (figure 1), there are 2 nodes in 2 datacenters (referred to as Sites). 请注意,可能会群集跨越 2 个以上的数据中心。Note, it is possible for a cluster to span more than 2 datacenters. 此外,每个 datacenter 可以有 2 个以上节点。Also, each datacenter can have more than 2 nodes. 此设置(自动故障转移 SLA)中的典型群集仲裁配置为每个节点投票。A typical cluster quorum configuration in this setup (automatic failover SLA) gives each node a vote. 一个额外投票分发给仲裁见证,以允许群集保留的数据中心运行即使任一一个遭遇断电时。One extra vote is given to the quorum witness to allow cluster to keep running even if either one of the datacenter experiences a power outage. 非常简单的数学运算-5 总投票和需要 3 投票群集以使其保持运行。The math is simple - there are 5 total votes and you need 3 votes for the cluster to keep it running.

在第三个单独的文件共享见证网站 2 中 2 个节点与其他站点File Share Witness in a third separate site with 2 nodes in 2 other sites
图 1 部分:使用作为仲裁见证见证文件共享Figure 1: Using a File Share Witness as a quorum witness

情形断电一个数据中心中,以确保它运行的,其他数据中心中对群集以便等机会建议主机仲裁见证在以外两个数据中心位置。In case of power outage in one datacenter, to give equal opportunity for the cluster in other datacenter to keep it running, it is recommended to host the quorum witness in a location other than the two datacenters. 这通常意味着要求第三个单独的 datacenter(站点)托管文件服务器正在备份文件共享用作主仲裁见证(共享见证文件)。This typically means requiring a third separate datacenter (site) to host a File Server that is backing the File Share which is used as the quorum witness (File Share Witness).

大多数企业不具有第三个单独的将举办备份文件共享见证文件服务器的数据中心。Most organizations do not have a third separate datacenter that will host File Server backing the File Share Witness. 这意味着组织主要存放文件服务器,在两个数据中心,这样的扩展,该数据中心主要数据中心之一。This means organizations primarily host the File Server in one of the two datacenters, which by extension, makes that datacenter the primary datacenter. 在方案中的主要数据中心中断电,群集会下跌其他数据中心只有 2 投票这低于 3 投票所需的仲裁大多数当。In a scenario where there is power outage in the primary datacenter, the cluster would go down as the other datacenter would only have 2 votes which is below the quorum majority of 3 votes needed. 有三个单独的 datacenter 托管文件服务器的客户,它是开销,以便保留备份文件共享见证高度可用的文件服务器。For the customers that have third separate datacenter to host the File Server, it is an overhead to maintain the highly available File Server backing the File Share Witness. 举办有见证运行来宾操作系统中的文件共享文件服务器的虚拟机云中的公用是设置和维护在很大的开销。Hosting virtual machines in the public cloud that have the File Server for File Share Witness running in Guest OS is a significant overhead in terms of both setup & maintenance.

云见证是一种新的仲裁点(图 2)利用 Microsoft Azure 的故障转移群集仲裁见证。Cloud Witness is a new type of Failover Cluster quorum witness that leverages Microsoft Azure as the arbitration point (figure 2). 它使用 Azure 斑点存储读取/写入斑点文件,然后用作主情形裂分辨率仲裁点。It uses Azure Blob Storage to read/write a blob file which is then used as an arbitration point in case of split-brain resolution.

有重大的好处这种方法:There are significant benefits which this approach:

  1. 利用 Microsoft Azure(无需第三个单独的 datacenter)。Leverages Microsoft Azure (no need for third separate datacenter).
  2. 使用标准可用 Azure 斑点存储(公共云中托管了虚拟机任何额外维护开销)。Uses standard available Azure Blob Storage (no extra maintenance overhead of virtual machines hosted in public cloud).
  3. Azure 存储的相同帐户可用于多个群集(群集每一个斑点文件; 群集用作斑点文件名称的唯一 id)。Same Azure Storage Account can be used for multiple clusters (one blob file per cluster; cluster unique id used as blob file name).
  4. 到存储帐户(很小数据编写每个斑点文件斑点文件更新仅当群集节点状态发生更改后)非常低上转 $cost。Very low on-going $cost to the Storage Account (very small data written per blob file, blob file updated only once when cluster nodes' state changes).
  5. 内置的云见证资源类型。Built-in Cloud Witness resource type.

图 2 部分:多站点拉伸使用云见证群集作为仲裁见证Figure 2: Multi-site stretched clusters with Cloud Witness as a quorum witness

图 2 中所示,没有任何所需第三个单独的网站。As shown in figure 2, there is no third separate site that is required. 云见证,如任何其他仲裁见证获取投票,并且可以参与仲裁计算。Cloud Witness, like any other quorum witness, gets a vote and can participate in quorum calculations.

作为一个见证类型云见证:支持的方案Cloud Witness: Supported scenarios for single witness type

如果你有故障转移群集部署,所有节点了可以都连接到互联网(通过 Azure 扩展名),建议你将云见证配置为你仲裁见证资源。If you have a Failover Cluster deployment, where all nodes can reach the internet (by extension of Azure), it is recommended that you configure a Cloud Witness as your quorum witness resource.

某些受支持的方案用作的云见证仲裁见证如下所示:Some of the scenarios that are supported use of Cloud Witness as a quorum witness are as follows:

  • 灾难恢复拉伸多站点群集(参见 2 图)。Disaster recovery stretched multi-site clusters (see figure 2).
  • 故障转移群集不共享存储(SQL 始终上等)。Failover Clusters without shared storage (SQL Always On etc.).
  • 故障转移群集来宾操作系统,Microsoft Azure 虚拟机角色(或任何其他公共云)中托管内运行。Failover Clusters running inside Guest OS hosted in Microsoft Azure Virtual Machine Role (or any other public cloud).
  • 运行内来宾操作系统的虚拟机托管专用云霞在故障转移群集。Failover Clusters running inside Guest OS of Virtual Machines hosted in private clouds.
  • 存储在诸如规模文件服务器群集群集使用或共享存储,不。Storage clusters with or without shared storage, such as Scale-out File Server clusters.
  • 小分支机构群集(甚至 2 个节点群集)Small branch-office clusters (even 2-node clusters)

开始与 Windows Server 2012 R2,它建议群集自动管理见证投票以及节点投票,与动态仲裁始终配置见证。Starting with Windows Server 2012 R2, it is recommended to always configure a witness as the cluster automatically manages the witness vote and the nodes vote with Dynamic Quorum.

对于群集云见证设置 Set up a Cloud Witness for a cluster

若要设置为你的群集仲裁见证云见证,完成以下步骤:To set up a Cloud Witness as a quorum witness for your cluster, complete the following steps:

  1. 创建用于云见证 Azure 存储帐户Create an Azure Storage Account to use as a Cloud Witness
  2. 作为你的群集仲裁见证配置云见证。Configure the Cloud Witness as a quorum witness for your cluster.

创建用于云见证 Azure 存储帐户Create an Azure Storage Account to use as a Cloud Witness

此部分中介绍了如何创建存储帐户视图和副本端点 Url 和访问该帐户的键。This section describes how to create a storage account and view and copy endpoint URLs and access keys for that account.

若要配置云见证,必须具有有效的 Azure 存储帐户,可以用于存储斑点文件(用于仲裁)。To configure Cloud Witness, you must have a valid Azure Storage Account which can be used to store the blob file (used for arbitration). 云见证创建一个已知容器msft-云见证下存储 Microsoft 帐户。Cloud Witness creates a well-known Container msft-cloud-witness under the Microsoft Storage Account. 云见证写入斑点一个文件具有相应群集的唯一 ID 用作文件名称在斑点文件下此msft-云见证容器。Cloud Witness writes a single blob file with corresponding cluster's unique ID used as the file name of the blob file under this msft-cloud-witness container. 这意味着你可以使用相同的 Microsoft Azure 存储帐户配置为多个不同的群集云见证。This means that you can use the same Microsoft Azure Storage Account to configure a Cloud Witness for multiple different clusters.

当你使用同一 Azure 存储帐户的多个不同的配置云见证群集,单个msft-云见证容器获取自动创建。When you use the same Azure Storage Account for configuring Cloud Witness for multiple different clusters, a single msft-cloud-witness container gets created automatically. 此容器将包含群集每一个斑点文件。This container will contain one-blob file per cluster.

若要创建 Azure 存储帐户To create an Azure storage account

  1. 登录到Azure 门户Sign in to the Azure Portal.
  2. 在中心菜单中,选择新-> 数据 + 存储-> 存储帐户。On the Hub menu, select New -> Data + Storage -> Storage account.
  3. 在创建存储帐户页面上,执行以下操作:In the Create a storage account page, do the following:

    1. 输入存储你的帐户的名称。Enter a name for your storage account.
      存储帐户名称必须之间 3 和 24 个字符,可能包含数字和仅小写字母。Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. 必须在 Azure 唯一存储帐户名。The storage account name must also be unique within Azure.

    2. 对于帐户 kind、选择常规用途For Account kind, select General purpose.
      不能用于云见证斑点存储帐户。You can't use a Blob storage account for a Cloud Witness.

    3. 对于性能、选择标准For Performance, select Standard.
      不能用于云见证 Azure 高级版存储。You can't use Azure Premium Storage for a Cloud Witness.
    4. 对于复制、选择本地冗余存储 (LRS)For Replication, select Locally-redundant storage (LRS) .
      故障转移群集斑点文件用作仲裁点,这需要一些一致性保障时读取数据。Failover Clustering uses the blob file as the arbitration point, which requires some consistency guarantees when reading the data. 两必须选择本地冗余存储复制类型。Therefor you must select Locally-redundant storage for Replication type.

查看和 Azure 存储帐户复制存储访问键View and copy storage access keys for your Azure Storage Account

当您创建 Microsoft Azure 存储帐户时,它都与两个访问键自动生成的主要访问键和辅助访问键关联。When you create a Microsoft Azure Storage Account, it is associated with two Access Keys that are automatically generated - Primary Access key and Secondary Access key. 云见证第一次创建,使用主要访问键For a first-time creation of Cloud Witness, use the Primary Access Key. 没有任何限制关于的用于云见证键。There is no restriction regarding which key to use for Cloud Witness.

若要查看和复制存储访问键To view and copy storage access keys

在 Azure 门户中,转到存储你的帐户中,单击所有设置,然后单击访问键若要查看,复制和重新生成你帐户的访问键。In the Azure Portal, navigate to your storage account, click All settings and then click Access Keys to view, copy, and regenerate your account access keys. 访问键刀口还包括预配置的连接字符串使用主要和次要键,您可以复制(请参阅图 4)应用程序中使用。The Access Keys blade also includes pre-configured connection strings using your primary and secondary keys that you can copy to use in your applications (see figure 4).

在 Microsoft Azure 管理访问键对话框的快照
图 4:存储访问键Figure 4: Storage Access Keys

创建存储帐户时,下列 Url 生成使用格式:When you create a Storage Account, the following URLs are generated using the format: https://<Storage Account Name>.<Storage Type>.<Endpoint>

始终使用云见证斑点为存储类型。Cloud Witness always uses Blob as the storage type. Azure 使用。core.windows.net为端点。Azure uses .core.windows.net as the Endpoint. 配置云见证,时,可以在您将配置它使用不同的 endpoint 根据你的情况下(例如 Microsoft Azure 数据中心,在中国具有不同的 endpoint)。When configuring Cloud Witness, it is possible that you configure it with a different endpoint as per your scenario (for example the Microsoft Azure datacenter in China has a different endpoint).


通过云见证资源自动产生端点 URL,并且没有任何额外的步骤,来配置必需的 URL。The endpoint URL is generated automatically by Cloud Witness resource and there is no extra step of configuration necessary for the URL.

在 Azure 门户中,转到存储你的帐户中,单击所有设置,然后单击属性即可查看和复制你的端点 Url(参见 5 图)。In the Azure Portal, navigate to your storage account, click All settings and then click Properties to view and copy your endpoint URLs (see figure 5).

图 5:云见证端点 URL 链接Figure 5: Cloud Witness endpoint URL links

有关如何创建和管理 Azure 存储帐户的详细信息,请参阅关于 Azure 存储帐户For more information about creating and managing Azure Storage Accounts, see About Azure Storage Accounts

作为你的群集仲裁见证配置云见证Configure Cloud Witness as a quorum witness for your cluster

云见证配置为在现有仲裁配置向导内置插入故障转移群集管理器内完善集成。Cloud Witness configuration is well-integrated within the existing Quorum Configuration Wizard built into the Failover Cluster Manager.

若要将云见证配置为仲裁见证To configure Cloud Witness as a Quorum Witness

  1. 启动故障转移群集管理器。Launch Failover Cluster Manager.
  2. 右键单击-> 群集更多操作 -> 配置群集仲裁设置(请参阅图 6)。Right-click the cluster -> More Actions -> Configure Cluster Quorum Settings (see figure 6). 这将启动配置群集仲裁向导。This launches the Configure Cluster Quorum wizard.
    <span data-ttu-id="c8068-198">菜单通往 Configue 群集故障转移群集管理器 UI 中的仲裁设置的快照](media/Deploy-a-Cloud-Witness-for-a-Failover-Cluster/CloudWitness_7.png)**图 6。群集仲裁设置**</span><span class="sxs-lookup"><span data-stu-id="c8068-198">Snapshot of the menu path to Configue Cluster Quorum Settings in the Failover Cluster Manager UI Figure 6. Cluster Quorum Settings

  3. 选择仲裁配置页上,选择选择仲裁见证(参见 7 图)。On the Select Quorum Configurations page, select Select the quorum witness (see figure 7).

    选择 quotrum 见证快照单选群集仲裁向导中的按钮
    图 7。Figure 7. 选择仲裁配置Select the Quorum Configuration

  4. 选择仲裁见证页上,选择配置云见证(请参阅图 8)。On the Select Quorum Witness page, select Configure a cloud witness (see figure 8).

    图 8。Figure 8. 选择仲裁见证Select the Quorum Witness

  5. 配置云见证页上,输入以下信息:On the Configure Cloud Witness page, enter the following information:

    1. (所需的参数)Azure 存储帐户名。(Required parameter) Azure Storage Account Name.
    2. (所需的参数)对应于存储帐户的访问键。(Required parameter) Access Key corresponding to the Storage Account.
      1. 当创建第一次,使用主要访问键(请参阅图 5)When creating for the first time, use Primary Access Key (see figure 5)
      2. 当旋转主要的访问键,使用辅助访问键(请参阅图 5)When rotating the Primary Access Key, use Secondary Access Key (see figure 5)
    3. (可选参数)如果你打算使用 Azure 服务的不同端点(例如 Microsoft Azure 服务在中国),然后更新端点服务器名称。(Optional parameter) If you intend to use a different Azure service endpoint (for example the Microsoft Azure service in China), then update the endpoint server name.

      图 9 部分:配置云见证Figure 9: Configure your Cloud Witness

  6. 在云中见证成功配置,你可以查看新创建的见证资源故障转移群集管理器中贴靠-在(参见 10 图)。Upon successful configuration of Cloud Witness, you can view the newly created witness resource in the Failover Cluster Manager snap-in (see figure 10).

    图 10:成功配置了云见证Figure 10: Successful configuration of Cloud Witness

配置使用 PowerShell 云见证Configuring Cloud Witness using PowerShell

现有 Set-ClusterQuorum PowerShell 命令有新对应于云中见证的其他参数。The existing Set-ClusterQuorum PowerShell command has new additional parameters corresponding to Cloud Witness.

您可以使用云见证配置Set-ClusterQuorum以下 PowerShell 命令:You can configure Cloud Witness using the Set-ClusterQuorum following PowerShell command:

Set-ClusterQuorum -CloudWitness -AccountName <StorageAccountName> -AccessKey <StorageAccountAccessKey>

以防你需要使用不同的 endpoint(拥有稀世):In case you need to use a different endpoint (rare):

Set-ClusterQuorum -CloudWitness -AccountName <StorageAccountName> -AccessKey <StorageAccountAccessKey> -Endpoint <servername>  

Azure 云见证与的存储帐户注意事项Azure Storage Account considerations with Cloud Witness

在云中见证配置为故障转移群集仲裁见证时,请考虑以下各项:When configuring a Cloud Witness as a quorum witness for your Failover Cluster, consider the following:

  • 而不是存储访问键,故障转移群集将生成和安全地存储共享访问权限安全 (SAS) 标记。Instead of storing the Access Key, your Failover Cluster will generate and securely store a Shared Access Security (SAS) token.
  • 只要保持有效的访问键,生成的 SAS 令牌才有效。The generated SAS token is valid as long as the Access Key remains valid. 旋转主要的访问键时,务必首先之前重新生成主要的访问键和次要的访问键更新云见证(在所有你群集正在使用该存储帐户)。When rotating the Primary Access Key, it is important to first update the Cloud Witness (on all your clusters that are using that Storage Account) with the Secondary Access Key before regenerating the Primary Access Key.
  • 云见证使用 Azure 存储帐户服务 HTTPS 其余界面。Cloud Witness uses HTTPS REST interface of the Azure Storage Account service. 这意味着它需要打开所有群集节点上的 HTTPS 端口。This means it requires the HTTPS port to be open on all cluster nodes.

使用云见证代理注意事项Proxy considerations with Cloud Witness

云见证使用 HTTPS(默认端口 443)与 Azure 斑点服务建立通信。Cloud Witness uses HTTPS (default port 443) to establish communication with Azure blob service. 确保 HTTPS 端口通过网络代理易于访问。Ensure that HTTPS port is accessible via network Proxy.

请参阅See Also