Active Directory in Hyper-V environments, Part 9

1817magnetI have written a lot about Active Directory Domain Controllers and Hyper-V in this series. So far you’ve seen recommendations on host configuration, guest configuration, security and converting physical Active Directory Domain Controllers to virtual ones.

Today, I’m covering anti-affinity.

 

The situation

Consider a Hyper-V Fail-over cluster hosting virtual machines running Active Directory Domain Controllers. Virtual machines will be placed on Hyper-V hosts for their computing needs. When a Hyper-V host fails, each virtual machine will be restarted on another Hyper-V host.

 

The problem

Now, consider all Active Directory Domain Controllers in your environment hosted by the same Hyper-V host, when this Hyper-V host (suddenly) fails. Active Directory will (momentarily) not be hosted, resulting in authentication and authorization challenges. Effectively, the Hyper-V host had become the Single Point of Failure (SPoF).

This problem may occur with default Hyper-V settings, but also when System Center Virtual Machine Manager (SCVMM) is used to achieve optimal placement (automatically).

 

The resolution

There are many ways to address this situation. The best way to address it is by using anti-affinity.

In VMware this feature is part of Distributed Resources Scheduler (DRS). They are called Anti-affinity Rules.

In Hyper-V you can set the AntiAffinityClassNames property manually. Several methods exist, depending on whether you’re running System Center Virtual Machine Manager 2012 with Service Pack 1 (SC VMM 2012 SP1). When you’re not, you can set the property manually:

 

Setting Anti-Affinity in Hyper-V without System Center Virtual Machine Manager 2012 with Service Pack 1 with Cluster.exe

Aidan Finn has written a blogpost on Anti-Affinity, roughly three years ago. He points to the /prop switch for cluster.exe that enables you to set the AntiAffinityClassNames. The commands to achieve Anti-Affinity for DC01, DC02 and DC03 would then look like:

cluster.exe group “dc01.demo.ogd.nl“/prop AntiAffinityClassNames=”DCAntiAffinity”

cluster.exe group “dc01.demo.ogd.nl“/prop AntiAffinityClassNames=”DCAntiAffinity”

cluster.exe group “dc01.demo.ogd.nl“/prop AntiAffinityClassNames=”DCAntiAffinity”

Replace the italic values with the hostnames of your virtual Active Directory Domain Controllers, and you’re good to go.

 

Setting Anti-Affinity in Hyper-V without System Center Virtual Machine Manager 2012 with Service Pack 1 with PowerShell

Michel de Rooij has written a PowerShell script to set AntiAffinityClassNames and published it to the TechNet Gallery.

An example of using this script would be:

Configure-AntiAffinity.ps1 -Cluster HVCluster.demo.ogd.nl -Groups dc01.demo.ogd.nl,dc02.demo.ogd.nl,dc03.demo.ogd.nl
-Class DCAntiAffinity -Verbose

You can use this script to make a group of virtual machines in a Hyper-V Fail-over Cluster share the same anti-affinity class. The Cluster Service will then try to to place virtual machine with the same anti-affinity class on Fail-over cluster nodes not hosting any group anti-affined, unless all available nodes are already hosting anti-affined groups. In that case, the Cluster Service ignores anti-affinity and selects the next preferred available node as the destination node.

Alternatively you can use the AntiAffinityClassNames module from PowerShell.no. Then, you’ll gain access to the Get-AntiAffinityClassNames, Set-AntiAffinityClassNames and Remove-AntiAffinityClassNames PowerShell Cmdlets.

 

Setting Anti-Affinity in Hyper-V with System Center Virtual Machine Manager 2012 with Service Pack 1 available

In System Center Virtual Machine Manager 2012 with Service Pack 1 (SCVMM 2012 SP1) admins can control preferred owners, possible owners and availability sets (like the AntiAffinityClassNames).

You would use on the Custom Properties from within Virtual Machine Manager to create placement rules.

In the Graphical User Interface (GUI) of System Center Virtual Machine Manager 2012 with Service Pack 1 (SCVMM 2012 SP1), in a VM’s properties, with Hardware Configuration selected in the left pane, click on the button labeled Manage availaiblity sets.

A list of previously used Availability sets is presented to you to make it simple to add multiple VMs into the same availability set and you can also create availability sets for anti-affinity using the Create… button here.

Note:
Any AntiAffinityClassNames you may have created manually or through the script will be picked up by System Center Virtual Machine Manager 2012 with Service Pack 1 (SC VMM 2012 SP1).

 

Concluding

Configure virtual machines running Active Directory Domain Controllers with anti-affinity.

Further reading

TechNet Forums – Setting anti-affinity and affinity in Hyper-V 3 or SCVMM2012
Configuring Anti-Affinity in Failover Clusters
About Virtual Machine Placement
Understanding Virtual Machine Placement and Ratings in VMM
AntiAffinityClassNames
How to separate Hyper-V virtual machines using anti-affinity
vSphere 5 versus Windows Server 2012 Hyper-V: affinity and anti-affinity rules
Configuring anti-affinity between VMs on Hyper-V 2008 R2 SP1 and VMM 2012
Cluster Resource Anti-Affinity
Create a Hyper-V Cluster in SCVMM2012
Need to Separate Hyper-V VMs? Use AntiAffinityClassName
Anti Affinity for Hyper-V Clusters
How to Restrict Clustered Hyper-V Virtual Machines to Specific Cluster Nodes, Part 1
How to Restrict Clustered Hyper-V Virtual Machines to Specific Cluster Nodes, Part 2
Microsoft Windows Failover Cluster–VM Failover Policies
Top 10: New Features in Hyper-V 3.0
Custom Placement Rules and Availability Sets in SCVMM 2012 SP1
Configuring anti-affinity for Hyper-V virtual machines
How to configure AntiAffinityClassNames in Failover Clustering using Windows PowerShell

Acknowledgements

This blog post was inspired by the blogpost and script by Michel de Rooij, posted on July 22, 2013. It also incorporates information posted by Aidan Finn.

Series Navigation

<< Active Directory in Hyper-V environments, Part 8Active Directory in Hyper-V environments, Part 10 >>

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.