System Center 2012 SP1 Service Provider Foundation High Availability

My previous blog on System Center VMM 2012 SP1 HA & SQL Server 2012 AlwaysOn Availability Groups describes a complete walkthrough on enabling high availability on the host level, the database level and the VMM level. This is great for a Private Cloud but when you are a Service Provider additional functionalities are necessary.

Yesterday Microsoft announced Windows Azure Pack as the new name for Windows Azure for Windows Server. Windows Azure Pack combined with System Center Service Provider Foundation completes the end to end solution by Microsoft for Service Providers. I have done a couple of posts on the installation and configuration of both products. This blog will describe a complete step by step for enabling high availability in System Center Service Provider Foundation.

This blog resumes its configuration at the end of the previous blog on System Center VMM 2012 SP1 HA & SQL Server 2012 AlwaysOn Availability Groups.

SPF HA Design

System Center Service Provider Foundation is an extensible OData web service backed by an SQL database. The database will be added to the SQL AlwaysOn Availability Group. There are two ways to enable high availability for the extensible OData web service. A hardware load balancer or Network Load Balancing (NLB). I do not have a hardware load balancer in my lab environment, so I will describe the steps to enable NLB.

Network Load Balancing

There are some choices to make if you are going to use Network Load Balancing. NLB can be configured in two modes. Unicast or Multicast. In Unicast mode the cluster MAC address is assigned to the individual server NIC. The built-in MAC address of the server NIC is not used. In multicast mode the cluster MAC address is also assigned to the individual server NIC (used for client to cluster) but the built-in MAC address of the server NIC is also used (used for communication directed to the server). It is also possible to choose between a single NIC and multiple NICs per server. For more information on the advantages and limitations on each design choice have a look the documentation on TechNet here. http://technet.microsoft.com/en-us/library/cc759562(v=ws.10).aspx

In this blog I have chosen for NLB in Unicast Mode with a single NIC per server. In Windows Server 2008 Microsoft enabled the UnicastInterhostCommSupport by default. This allows the individual hosts to communicate with each other despite the server MAC address being overruled by the cluster MAC address.

Before configuring NLB in the virtual machines there is one essential settings that must be changed on the virtual machines.

Hyper-V prevents MAC address spoofing from within the virtual machine. For an average virtual machine this is desirable, but NLB needs to overrule the individual server MAC address with the cluster MAC address. Open the Hyper-V settings of each virtual machines that will host System Center Service Provider Foundation (in this example SPF1 and SPF2) after shutting down the virtual machines. Select the Network Adapter (if you are chosen a multiple adapter NLB design, select the network adapter that will be used for cluster communication) and select advanced features. Checkmark the Enable MAC address spoofing.

02 MAC Address Spoofing

Start the virtual machines and logon to SPF1. Run the Add Roles and Features wizard and add the Network Load Balancing feature. Repeat this step on SPF2. After the installation completes open the Network Load Balancing Manager, right click Network Load Balancing Clusters and select New Cluster. In the Connect tab specify SPF1 as the host value and select the Interface name that will be used for cluster communication. Leave all defaults in the Host Parameters tab. In the Cluster IP Addresses tab select Add and specify the IP address that will be used for client to cluster communication (in this example 172.21.5.140). In the Cluster Parameters tab select the Cluster IP Address we just created and specify the full internet name.

03 NLB Cluster Parameters

The full internet name is the address that will be used by the clients to access the cluster. For System Center Service Provider Foundation these clients will probably be located somewhere on the World Wide Web. In this example I used spf.hyper-v.nu as the full internet name. Select Unicast as the cluster operation mode. In the Port Rules tab you can change default range that the cluster IP listens on. The minimum port required for a default System Center Service Provider Foundation installation is 8090. I will leave the default port rule in place.

04 Port Rules

Finishing the wizard will create the NLB cluster with a single server. After all NLB operations are succeeded right click the cluster (in this example spf.hyper-v.nu) and select Add Host to Cluster. Repeat the same steps for the second server (SPF2).

When the wizard completes open a command prompt and run wlbs display

05 WLBS

This allows you to verify that UnicastInterhostCommSupport is enabled. This allows you to connect from SPF1 to SPF2.

Opening the NLB Manager with a single NIC per server and NLB in Unicast mode will present you with the following Warning.

Running NLB Manager on a system with all networks bound to NLB might not work expected. If all interfaces are set to run NLB in “unicast” mode, NLB Manager will fail to connect to hosts.

06 NLB warning

I have not experienced this issue described in the warning, but if you want to make sure, just add an additional adapter.

System Center Service Provider Foundation

Use the step by step from my previous blog on Installing and configuring System Center Service Provider Foundation (http://www.hyper-v.nu/archives/marcve/2013/01/installing-and-configuring-system-center-service-provider-foundation/) to perform the installation of System Center Service Provider Foundation on SPF1. I’ll sum up the step in short here

  • Move the SQL Availability Group to SQL1
  • Install the prerequisites on SPF1
  • Create the domain service account (in this example hypervnuSVC_SPF)
  • Create the domain groups (in this example hypernuSPF_Admins, hypernuSPF_Provider, hypernuSPF_VMM)
  • Request and install a web certificate from a public certificate authority with a common name that will be used for external access (equal to the full internet name specified in the NLB cluster configuration)
  • Install the System Center Virtual Machine Manager 2012 SP1 Administrator Console.
  • Install System Center 2012 SP1 Service Provider Foundation
  • On the configure the database server tab specify the SQL DNS Listener of the Availability Group (in this example SQL)
  • Complete the installation wizard steps as described in the previous blog.
  • Add the service account (in this example hypervnuSVC_SPF) to the following local groups on SPF1 (SPF_Admin, SPF_Provider and SPF_VMM)
  • Add the service account (hypervnuSVC_SPF) to the administrator user role in System Center VMM 2012 SP1
  • Specify the Sysadmin role for the service account (hypervnuSVC_SPF) on SQL1 (where the Availability Group was primary during the installation of System Center Service Provider Foundation).

Add the System Center Service Provider Foundation database to the Availability Group

As described in the previous blog it is a good idea to test the availability of the database in the SQL Server AlwaysOn Availability Group before adding the second server to the Service Provider Foundation NLB cluster. Login to SQL1 and open the SQL Server Management Studio. Open the properties of the SCSPFDB database and verify that the recovery model is set to Full in the options tab.

07 Recovery model

After performing a backup of the database, right click the Availability Databases entry of the Availability Group and select Add Database.

The Add Database to Availability Group wizard will display all available databases and if they meet the requirements to be added to the Availability Group. Select the SCSPFDB database in the Availability Group wizard and perform a full data synchronization.

Open the Failover Cluster Manager on SQL1, right click the SQL clustered service, select move and select node SQL2. When you compare the Logins between SQL1 and SQL2 you will notice that SQL2 does not have a login for the Service Provider Foundation domain service account (in this example hypervnuSVC_SPF).

08 Add SQL login

Right click logins in SQL Server management studio connected to SQL2 and select add. Add the Service Provider Foundation domain service account (in this example hypervnuSVC_SPF).

Install System Center Service Provider Foundation on the second server

With the SCSPFDB database in the Availability Group moved to SQL2 we are ready to install System Center Service Provider Foundation on the second server. The steps are almost the same as the steps on the first server (SPF1) with some exceptions. I’ll sum up the step in short

  • Install the prerequisites on SPF2
  • Export the public web certificate from SPF1 and import it on SPF2
  • Install the System Center Virtual Machine Manager 2012 SP1 Administrator Console.
  • Install System Center 2012 SP1 Service Provider Foundation
  • On the configure the database server tab specify the SQL DNS Listener of the Availability Group (in this example SQL)
  • Complete the installation wizard steps as described in the previous blog
  • Add the service account (in this example hypervnuSVC_SPF) to the following local groups on SPF2 (SPF_Admin, SPF_Provider and SPF_VMM)

Verify System Center Service Provider Foundation High Availability

On the System Center Orchestrator Engineering Blog you can find some URLs to test your environment. To open the web service endpoint use the following URL:

https://<server>:8090/SC2012/VMM/Microsoft.Management.Odata.svc/

Replace the <server> variable with the name you specified in your public certificate. In this example:

https://spf.hyper-v.nu: 8090/SC2012/VMM/Microsoft.Management.Odata.svc/

Make sure that you have a DNS record in place that resolves the FQDN to the IP address of the cluster.

You will be prompted to authenticate to the web service endpoint. Validate with the Service Provider Foundation domain service account (in this example hypervnuSVC_SPF).

09 Authenticate to web service

You should be rewarded with a XML formatted list of all objects without their properties in XML. Shut down SPF1 and refresh the page. Start SPF1, shutdown SPF2 and refresh the page again.

10 Web service request

You now have a high available System Center Service Provider Foundation layer on top of VMM.

More Information

Cannot access the virtual or dedicated IP address of an NLB node (Guest) running in Unicast Mode on Windows Server 2008 R2 Hyper-V

Service Provider Foundation, URLs for testing that it’s up and running after installation

Using Network Load Balancing

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>