#006 Build a Windows Server Failover Cluster - Part 2

Real quick before we jump into this week's challenge.  This past week has been extremely busy (hence this edition being a day late). 

But, I needed to create a new vagrantfile to build this environment quickly using my Automated Sandbox Framework (ASF).  I'll recreate the environment and add additional servers as needed, without having to perform manual OS installations and network configurations (Infrastructure as Code for the win).  

If you're familiar with Vagrant and ASF, you can grab the file from the link at the end (however, I'd recommend building this environment once manually if it's all new to you).  The file references a custom image of Windows Server 2022 (eval) that I created this week.  It's hosted in Hashicorp's Vagrant Registry.

Back to the challenge...

Last week you built your virtual machines and joined them to your domain. 

• CLUSTER1SRV1 and CLUSTER1SRV2:  These servers will serve as the nodes in your failover cluster.
• STORSRV1:  This server will be configured as the iSCSI target, providing shared storage for the cluster. 

This week, we'll dive deeper into the importance of iSCSI, why it's essential to have iSCSI traffic on a separate network and guide you through configuring your environment to meet these needs.

There are five objectives in this challenge:

• Learn about iSCSI and its role in providing block-level storage communication.
• Understand the importance of using a separate network for iSCSI traffic.
• Add a second virtual network (VNET) and a second network interface card (NIC) on each server for iSCSI traffic. 
• Add the iSCSI Target Server feature on STORSRV1
• Start the iSCSI initiator service on CLUSTER1SRV1 and CLUSTER1SRV2.

Ready?

Estimated time to complete: Less than 4 hour.

Step 1: What is iSCSI?

Internet Small Computer Systems Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities.  It enables clients (initiators) to send SCSI commands to storage devices (targets) on remote servers.

• Block-Level Storage: iSCSI facilitates block-level data transfer over existing network infrastructure.
• Cost-Effective: Utilizes standard Ethernet hardware, reducing the need for specialized storage networks.

New to iSCSI?  Check out the free training module below from Microsoft.

Implement Windows Server iSCSI 

Step 2: Why Use a Separate Network for iSCSI Traffic?

There are multiple reasons why you'd want to separate this traffic from normal client-server traffic.

Performance Reasons

• Network Congestion: Separating iSCSI traffic prevents it from competing with regular network traffic, reducing latency and bottlenecks.
• Throughput Optimization: Dedicated networks can be tuned specifically for storage traffic, improving data transfer speeds.

Security Considerations

• Isolation: Keeping iSCSI traffic on a separate network minimizes the risk of interception or tampering.
• Access Control: Easier to implement security policies and monitor storage traffic independently.

Best Practices

• Use VLANs or Separate Switches: Physically or logically segregate storage traffic.  We'll use a separate virtual switch for this challenge.
• Enable Flow Control: Improves reliability for storage communications.

Key Takeaway: A dedicated network for iSCSI enhances both the performance and security of your storage communications.

Step 3: Add a second virtual network (VNET) and a second network interface card.

This will be your network for hosting iSCSI traffic and communication between STORSRV1, CLUSTER1SRV1 and CLUSTER1SRV2. 

Oracle VirtualBox, VMware Workstation Pro, and Hyper-V all support adding additional virtual networks.  In the example below (VMware), I've added a new vmnet, disabled the DHCP service, and set the subnet IP to 10.0.1.0 with a subnet mask of 255.255.255.0.  

For this step perform the following actions:

1. Configure your virtual network.
2. Add a second virtual NIC to STORSRV1, CLUSTER1SRV1 and CLUSTER1SRV2.
3. Attach the virtual NIC to the new virtual network.
4. Set the static IP address for each of the new NICs.  There's no need to define the DNS server or gateway for these.  In my example, I used
   1. STORSRV1 - IP: 10.0.1.1, Subnet Mask: 255.255.255.0
   2. CLUSTER1SRV1 - IP: 10.0.1.2, Subnet Mask: 255.255.255.0
   3. CLUSTER1SRV2 - IP: 10.0.1.3, Subnet Mask: 255.255.255.0

We'll verify connectivity in next week's challenge.  However, if you're trying to validate by using ping before then, be sure to unblock ICMP traffic using the Windows Firewall.

Step 4: Add the iSCSI Target Feature to STORSRV1

In this step, you'll enable the iSCSI target feature only on STORSRV1.  There are multiple ways to do this; PowerShell, Ansible, and the Server Manager (add/remove feature wizard).  I'll leave the "how" to you.  

The end result should look similar to the screenshot below.

1. Open Server Manager.
2. Click File and Storage Services.
3. Click iSCSI.

Step 5: Start the iSCSI Initiator Service

Now you're ready to start the iSCSI Initiator service on CLUSTER1SRV1 and CLUSTER1SRV2.   Again, there are multiple ways to do this.  I'll leave the "how" to you.

The end result should look like the screenshot below.

1. Open services.msc.
2. Review the status of the Microsoft iSCSI Initiator Service.

Helping Others and Sharing Your Results

That's it for this week. 

If you have tips other readers can learn from, please share them in the comments.  You can message me on LinkedIn or post about it and tag me with the #dbachallenges hashtag.

Feedback

If there's a DBA Challenge you'd like to see, please let me know by replying to this email.  Have ideas on how to make these more useful?  I'd love to hear those too.

By the way, two items I'd like to mention:

I've dropped the price of the Automated Sandbox Fundamentals course until the next version is released (next year).   

Automated Sandbox Fundamentals 

I'm looking for feedback on how DevOps or Platform Engineering may be impacting your role as a DBA.  If you'd be interested in a quick, 10-15 minute Zoom call, or just want to send over a quick summary via email, I'd love to hear about it.  I'm currently building the course below, and want to ensure it addresses what is important to you in either of these practices. 

 Ansible for SQL Server DBAs: Automation Simplified

Oh yeah, here's the vagrantfile.  If you use it, just send me an email requesting the password.  You'll replace the config.vm.winrm password with the real one.  

One last thing, If you struggled with challenge #002 (Building a DC), I created a quick video on YouTube going through the process.  You can find it at https://youtu.be/LsQaXzXv1qc.

Good luck and I'm looking forward to seeing your results!

Luke