We recommend you use Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups as your SQL Server high availability solution on Alibaba Cloud's ECS (Elastic Compute Service) Instances.
WSFC is a feature of the Windows Server platform, which is generally used to improve the high availability of applications and services on your network. WSFC is a successor to the Microsoft Cluster Service (MCS).
An Alibaba Cloud ECS Instance provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to safeguard your data and applications from DDoS and Trojan attacks.
The Alibaba Cloud ECS allows you to load applications with multiple operating systems and manage network access rights and permissions. Within the user console, you can also access the latest storage features, including auto snapshots, which is perfect for testing new tasks or operating systems as it allows you to make a quick copy and restore later. It offers a variety of configurable CPU, memory, data disk and bandwidth variations allowing you to tailor each Instance to your specific needs.
We recommend the following hardware to deploy this solution:
We also recommend the following software with the listed specifications:
Since images produce ECS instances, some of them may share the same name. While this problem is rare with VPCs (Virtual Path Connections), to ensure absolute security, modify the host name to shorter than 15 characters and immediately restart the host.
You can manually alter the name using the following Powershell command:
Rename-Computer -NewName "ServerName" -restart -force
You can disable the User Account Control (UAC) remote restrictions using the following Powershell command:
new-itemproperty -path
HKLM:SOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem -Name
LocalAccountTokenFilterPolicy -Value 1
In this tutorial, we will show you how to deploy Cross-Availability Zone (AZ) Windows Server Failover Clustering (WSFC) on an Alibaba Cloud Elastic Compute Service (ECS) instance.
WSFC is a feature of the Windows Server platform, which is generally used to improve the high availability of applications and services on your network. WSFC is a successor to the Microsoft Cluster Service (MCS). We recommend you use Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups as your SQL Server high availability (HA) solution on Alibaba Cloud's Elastic Compute Service (ECS) instances.
An Alibaba Cloud ECS Instance provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to safeguard your data and applications from DDoS and Trojan attacks.
The Alibaba Cloud ECS allows you to load applications with multiple operating systems and manage network access rights and permissions. Within the user console, you can also access the latest storage features, including auto snapshots, which is perfect for testing new tasks or operating systems as it allows you to make a quick copy and restore later. It offers a variety of configurable CPU, memory, data disk and bandwidth variations allowing you to tailor each Instance to your specific needs.
When using WSFC in conjunction with Alibaba Cloud ECS, if one cluster node fails, another node can take over. We can configure this failover to happen automatically, which is the usual configuration, or we can manually trigger a failover.
In this tutorial, we deploy a Cross-Availability Zone (AZ) WSFC on an Alibaba Cloud ECS instance. This tutorial assumes a basic understanding of Alibaba Cloud's suite of products and services, the Alibaba Cloud Console, failover clustering, the Active Directory (AD), and the administration of Windows Server.
We recommend the following configuration, which contains three servers and runs across the Alibaba Cloud Virtual Private Cloud (VPC) to provide an isolated cloud network to operate your resource in a secure environment:
• A primary ECS instance running Windows Server 2016.
• A secondary ECS instance, configured to match the primary instance, running in another Availability Zone.
• An Active Directory (AD) / domain name server (DNS) instance. This server will serve several roles:
Note: the quorum is sometimes referred to as the Disk or File Witness. It is simply a small clustered disk which is in the available cluster storage group.
When the cluster fails, requests must go to the newly active node. This routing is usually handled by the address resolution protocol (ARP), which associates IP addresses with MAC addresses.
However, in Alibaba Cloud, the VPC system uses software-defined networking, which does not provide MAC addresses. This means the changes broadcast by ARP don't affect routing. To make routing work, we need to make use of an Alibaba Cloud product called HAVIP (Highly Available Virtual IP).
In this scenario we need to form a cluster across two different subnets in two availability zones. So, we will need to employ two HAVIPs.
When a failover happens in the cluster, the following changes take place:
That's it! Let's start the tutorial from the Alibaba Cloud Console.
Learn how you will be affected by the end of Windows and SQL Server 2008 support in 2020, and how you can future-proof your infrastructure through containerization.
Microsoft has been reminding their customers, for quite some time now, that Windows Server 2008 and SQL Server 2008 will be out of support as per its lifecycle support schedule. Although there is less than a year remaining for the support to expire, many organizations still have their applications hosted on these platforms.
End of extended support means Microsoft will stop providing any security updates for these products, which means that all apps hosted on these platforms will be vulnerable to security threats. With so many regulations to comply with nowadays, and especially with the GDPR in place from 2018, the last thing any organization want is loss of revenue and reputation resulting from a security breach. Therefore, it is crucial for organizations to act now before it is too late.
In 2014, when we were facing with a similar risk - for Windows 2003 and SQL 2005 - we did not have many options. You had to either:
Thankfully, it is 2019 and we have made several technological advancements that can provide us with more options. Here is a quick summary of what you can do:
Given the potential for incidents like WannaCry ransomware attack, this is certainly not a reasonable option. Without any commitment from vendors to provide patches for vulnerabilities, you are always at the risk of a security breach when new threats are identified. Time and reputation lost in recovering from a security breach could adversely impact any business.
I still remember that weekend of WannaCry incident, when we had to pull together teams to install the last-minute patch on Windows 2003 servers, for our clients globally. Patches for Win2008 and Win2012 were already released and those servers were updated as part of the patching cycle.
Yes, you can get 3 more years of free security updates from Microsoft, if you can find the money and time to migrate all of those 2008 servers to Microsoft's public cloud - Azure. With this option, all you are doing is postponing the risk as you still have to spend money and effort to migrate those apps at a later date. This option reminds me of how we dumped most of our items in the garage when we moved to our new home. Though we got some sorted on the day we moved, we still had to spend the entire Christmas break sorting and moving things out of the garage and into our new home!
Microsoft does provide some useful tools to help with the migration process, but you still need to evaluate each application and plan the migration to Azure - all this needs to be done by the end of the year!
In this article, we'll explore SynAttackProtection in detail to understand how it can cause connection problems for application services built on Windows Server 2008 R2.
Recently, a Syn Flood Attack caused connection problems for some application services on Windows servers, which caused some doubts as to whether Windows could withstand Syn Flood Attacks. Due to the "good" closure of Windows, the official documents were vague and did not give a clear introduction for this issue. Therefore, we have carefully studied the SynAttackProtection Implementation driven by tcpip.sys on Windows Server 2008 R2.
Note: If you do not know much about SynAttackProtection, you are recommended to review the reference materials first.
SynAttackProtection is briefly described in the documentation of Microsoft:
Generally, the system that is providing services will not initiatively start the TCPIP ETL trace in advance without knowing it. Once a problem occurs, we can only capture a Memory Dump, and try to find the key information in the Dump through the complete Public Symbol provided by Microsoft.
The easiest way to find the information is to display the function names and global variables of the relevant drivers through the windbg/kd x command. Through the Syn Attack keyword, we can easily find it.
Furthermore, we can use Live Debug to attach the Windows Debugger to the Kernel Debug virtual machine interface of Windows Server 2008 R2, and use the ba SynRcvdLimit method to set the memory read breakpoint, so that we can easily obtain the entire call stack and the key Kernel functions.
A single server-based service for application deployment, security management, O&M monitoring, and more
Elastic and secure virtual cloud servers to cater all your cloud hosting needs.
In this clouder we will discuss the use of a Simple Application Server to deploy an e-commerce website. After the server has been set up, we will run a web server running environment and install a Magento package. Magento is an easy-to-use e-commerce tool that allows you to design and monitor your e-commerce website simply and effiecently. Completing this clouder will give you all the tools necessary to begin your online business!
Want to learn how to construct a dynamic website that can actively update its content? In this Clouder lesson, you will learn how to build a WordPress website on Alibaba Cloud.
This topic describes how to manage an ECS instance that is created from a Windows Server Semi-Annual Channel image.
Windows Server Semi-Annual Channel runs in Server Core mode and is entirely command-line based. Windows Server Semi-Annual Channel offers some significant advantages, such as support for remote management, lower requirements for hardware, and a reduction in the need for updates. Windows Server Semi-Annual Channel instances exclude Resource Manager, Control Panel, and Windows Explorer. The instances do not support the *.msc command-line option such as devmgmt.msc. You can manage servers by using tools such as Sconfig, Server Manager, PowerShell, and Windows Admin Center.
This topic describes how to back up data from a Windows ECS instance to Apsara File Storage NAS. You can use a Windows built-in tool named Windows Server Backup to back up data from disks to Apsara File Storage NAS.
With Windows Server Backup, you can perform a full backup to back up all data at a time. You can also schedule backup tasks to run automatically at regular intervals. You can restore data from these backups at any time.
Apsara File Storage NAS helps you achieve compute-storage separation. You can store temporary data for computing tasks and dynamic memory on ECS instances and store permanent data on Apsara File Storage NAS. If no response is returned from one ECS instance, you can switch to another ECS instance to access data stored on Apsara File Storage NAS. Apsara File Storage NAS allows multiple ECS instances to access a file system.
You can manually synchronize data stored on an ECS instance to Apsara File Storage NAS or schedule synchronization plans on a regular basis. This helps you preserve data and restore data in the event of data loss. Each disk snapshot is a copy of an entire disk. However, Apsara File Storage NAS is more flexible for data storage. Instead of backing up an entire disk, you can back up one or more directories at a time.
GPU cloud server is a computing service based on GPU application. It is applicable for AI deep learning, video processing, scientific computing, graphic visualization, and other application scenarios. Alibaba Cloud becomes the first cloud provider partnering with NGC GPU Container in China (which provides the best fully optimized deep learning framework for customers).
RealSight APM is a much easy to use and much powerful management platform for monitoring application health state, performance, cloud resources, user experience and relevant resources of applications running in cloud. It can help you to constantly monitoring your applications and release you from the cumbersome operation works.
How Do I Setup SoftEther, OpenVPN, WireGuard, SSL VPN Server
2,599 posts | 764 followers
FollowAlibaba Clouder - September 30, 2018
Alibaba Clouder - September 29, 2018
Alibaba Clouder - February 25, 2020
Alibaba Clouder - September 27, 2018
Alibaba Clouder - August 9, 2019
Alibaba Clouder - September 28, 2018
2,599 posts | 764 followers
FollowAn on-demand database hosting service for SQL Server with automated monitoring, backup and disaster recovery capabilities
Learn MoreAn all-in-one service for log-type data
Learn MoreMore Posts by Alibaba Clouder