This document discusses multi-site clustering with Microsoft Failover Clustering. It describes how multi-site clustering protects against datacenter loss through replication of data between sites. Key aspects covered include benefits of multi-site clustering, deployment considerations, replication solutions, network configurations, faster failover techniques using DNS and VLANs, quorum models, and best practices.
These slides were part of a presentation given at HushCon East 2017. The talk covered how we can use big data to improve the effectiveness of offensive security tools.
This document discusses DNS cache poisoning. It begins by explaining what DNS is and its purpose of mapping domain names to IP addresses. It then discusses how DNS servers implement caching to improve performance and defines DNS cache poisoning as getting unauthorized entries into a DNS server's cache. The document outlines how an attacker could poison a cache to redirect traffic to a machine they control in order to perform man-in-the-middle attacks or install malware. It describes various methods of poisoning caches locally or remotely, such as between end users and nameservers or between nameservers themselves using the Kaminsky attack. Defenses like DNSSEC are mentioned along with encouragement to try cache poisoning in a controlled lab environment.
1. The document discusses DNS cache poisoning using a man-in-the-middle attack. It provides details on setting up the attack using Kali Linux, Windows Server 2008, and Windows 7. It clones the Facebook website and poisons the DNS cache so traffic is redirected to the fake site.
2. Testing confirms the attack was successful when pinging the fake Facebook site returns the IP of the Kali machine for both Windows systems. The document also proposes short and long-term solutions to prevent DNS cache poisoning attacks, such as disabling open recursive name servers and implementing DNSSEC.
3. In conclusion, the document notes that while DNS cache poisoning is easy to set up, protection requires more effort but is still important for network
This document discusses DNS cache poisoning vulnerabilities, including:
- Explanations of how cache poisoning works by entering non-authoritative records into a resolver's cache.
- A timeline of vulnerabilities discovered from 1993-2008 related to implementation issues that allowed cache poisoning.
- Countermeasures like DNSSEC that add authentication and integrity to DNS to prevent cache poisoning attacks.
This document discusses strategies for improving the resilience of the Domain Name System (DNS) against distributed denial-of-service (DDoS) attacks. It outlines how caching of DNSSEC-signed responses for non-existent domain names can help prevent unnecessary queries from reaching the DNS root servers. The document details an initiative by APNIC to sponsor the inclusion of this NSEC caching in the upcoming BIND 9.12 release, which would help distribute DNS query load more efficiently and mitigate DDoS attacks targeting the root servers.
APNIC Director General Paul Wilson discusses APNIC’s support of updates to BIND to implement caching of NSEC responses, to reduce root server query loads.
This document provides an overview and agenda for a presentation on securing and hardening DNS servers. It discusses configuring DNS servers at both the local system level and network level. At the local level, it recommends partitioning the file system, using chroot jails, firewalls, and access control configurations. At the network level, it discusses topics like limiting services, securing NTP, and managing DNS zones and records. The overall goal is to understand the high-level requirements for securing a DNS server and limiting access to the DNS service.
XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ... | The Linux Foundation
With the rapid growth in computing power of embedded platforms, system designers are turning to hypervisors to consolidate functionality in order to reduce the Size, Weight, Power, and Cost of embedded systems. With the recent addition of ARM support to the Xen hypervisor, Xen provides an attractive Open Source option for such systems. However, some of the industries most interested in this technology, such as automotive, medical, and avionics, have strict safety certification requirements. Nathan Studer will give a brief overview of DornerWorks' efforts certifying Xen, describe the hurdles and advantages that Xen and its development model lend to the certification effort, and lay out a proposed path for certifying Xen.
This document summarizes a study of an outage of a company's DNS full-resolvers. During the outage, both of the company's caching nameservers failed for 12 minutes. During this period, clients were unable to resolve hostnames and query rates increased as clients retried requests. When the servers were restored, they received much higher query rates for several seconds as clients flushed their caches. The study found that having multiple DNS resolvers provides redundancy and avoids a complete outage. It also showed that clients unintentionally synchronize, likely due to scheduled tasks on devices, which can lead to spikes in query rates.
Database virtualization technologies allow for cloning database instances while sharing data. This avoids consuming large amounts of storage for full copies. Technologies like CloneDB, Oracle ZFS Storage Appliance, Delphix, and Data Director create clone instances that only store changed data, sharing read-only data from snapshots. They provide benefits like faster provisioning of clones, reduced storage usage, and easier testing and development.
Dhaval Kapil presented on DNS security. He discussed how DNS works and its flaws due to a lack of security in its original design. This allowed various threats to emerge like zone file compromise, DNS amplification attacks, and cache poisoning. To mitigate these threats, extensions like DNSSEC were developed to authenticate DNS responses and ensure integrity, though adoption remains limited.
Xen, XenServer, and XAPI: What’s the Difference? - XPUS13 Bulpin, Pavlicek | The Linux Foundation
Many people have difficulty understanding the difference between the Xen Hypervisor, XenServer, and XAPI. In this session, James Bulpin, Director of Technology for XenServer, and Russell Pavlicek, Evangelist for the Xen Project, will attempt to clarify what each project is, what it does, and how it compares with the others. We will cover some of the basic features and functions, the tasks for which each is suitable, and where the projects overlap. Attendees will come away with a better sense of where these three projects fit in the world of Xen virtualization.
This document provides an overview and introduction to DNS and DNSSEC. It begins with introducing the presenter, Nurul Islam Roman, and his background and areas of expertise. The overview section lists the topics to be covered, including DNS overview, forward and reverse DNS, DNS security overview, TSIG, and DNSSEC. The document then delves into explanations of DNS overview, how it works, its features and components. It also covers IP addresses vs domain names, the DNS tree hierarchy, domains, root servers, resolvers, authoritative and recursive nameservers. Finally, it discusses resource records, common RR types, reverse DNS, delegation, glue records and responsibilities around APNIC and ISPs for reverse delegations.
We develop a consistent mutable replication extension for NFSv4 tuned to meet the rigorous demands of large-scale data sharing in global collaborations. The system uses a hierarchical replication control protocol that dynamically elects a primary server at various granularities. Experimental evaluation indicates a substantial performance advantage over a single server system. With the introduction of the hierarchical replication control, the overhead of replication is negligible even when applications mostly write and replication servers are widely distributed.
LCEU13: Securing your cloud with Xen's advanced security features - George Du... | The Linux Foundation
Xen is a mature enterprise-grade virtual machine with many advanced security features which are unique to Xen. For this reason it's the hypervisor of choice for the NSA, the DoD, and the new QubesOS Secure Desktop project. While much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, XSM, and so on are not enabled by default. This session will describe all of the advanced security features of Xen, and the best way to configure them for the Cloud environment. When the audience leaves, they should have a general framework to evaluate the security of their system, know the key security features of Xen, and have a basic framework of knowledge to help them make sense of the documentation. This talk will *not* go into mind-numbing detail about specific commands to type or configuration options.
Google uses virtualization for internal corporate infrastructure. As part of this, we have developed a number of tools, some open source, for managing the Xen deployment. The talk will describe the technical infrastructure used, the internal workflows and machine management processes, and the specific use-cases for virtualization.
DNS (Domain Name System) is an application layer protocol that translates host names to IP addresses. DNS was created to make addressing easier for users to remember and access resources, as the internet grew larger and IP addresses became more difficult to memorize. Before DNS existed, host files or centralized servers were used to map names to addresses but became infeasible as the number of users and hosts increased substantially. DNS works by having name servers that cache address mappings and can be queried by clients to look up names. However, DNS is susceptible to various security issues like cache poisoning, denial of service attacks, and reflection/amplification attacks which aim to corrupt mappings, overload servers, or spoof source addresses. Techniques to improve security include using
This document provides instructions for configuring a Squid proxy server on CentOS. It discusses obtaining information about the system like the OS distribution, hardware architecture, and installed application versions. It also outlines basic Squid configuration steps like backing up the default configuration file, checking the port Squid listens on, and ensuring the log file location is set correctly before starting Squid. Configuring access controls and caching policies would be covered in more depth in subsequent sections.
The document provides an overview of Novell Storage Services features and architecture when implemented on Linux using Novell Open Enterprise Server. It discusses features such as trustee models, quotas, compression. It describes the architecture which uses components like EVMS, NSS storage subsystem, NCP server, and VFS. It also covers tuning, troubleshooting, and clustering aspects of Novell Storage Services on Linux.
The document discusses integrating Novell Teaming with an existing infrastructure. Teaming can leverage existing server environments, authentication sources, email systems, and file shares. It supports a variety of platforms and databases. Teaming provides collaboration features like document sharing and feeds. It can integrate with Novell GroupWise and expose existing document stores within Teaming.
The document discusses migrating a Novell Open Enterprise Server from NetWare to Linux using Novell's migration tool. It provides an agenda for a lab demonstrating the migration, including an overview of the lab scenario, migration options, prerequisites for a successful consolidation, and steps for preparing, building the target server, and managing services on Open Enterprise Server Linux.
Erlang on Xen: Redefining the cloud software stack | Viktor Sovietov
This document summarizes a presentation about Erlang on Xen and new approaches to cloud software stacks. It introduces Erlang on Xen as a new Erlang runtime that runs without an operating system and is optimized for low startup latency. It then outlines 7 "commandments" of new cloud software, including running computations near data and avoiding administration. Two potential projects are described: developing a Dom0 based on Erlang on Xen, and evaluating all web scripts inside separate Xen domains for increased security and performance.
The document discusses open source virtualization and provides an overview of key concepts like hypervisors, virtual machine environments, and different virtualization techniques. It also shares a real world case study of how Aplura implemented Xen virtualization to consolidate servers and gain flexibility. Tips are provided around hardware requirements, disk imaging, and common troubleshooting issues.
A presentation on DNS concepts. It covers the topics DNS Introduction, DNS Hierarchy, DNS Resolution Process, DNS Components, DNS Types, DNSSEC, DNS over TLS (DoT) & HTTPS (DoH), Oblivious DNS (ODoH).
[Lucas Films] Using a Perforce Proxy with Alternate Transports | Perforce
The document discusses using a Perforce proxy with an alternate transport like UDP to overcome high latency or low bandwidth networks between global sites. It describes how a Perforce proxy caches files to improve transfer speeds but is traditionally limited by TCP/IP. The author details using Aspera Sync to mirror the Perforce server to the proxy at much higher speeds of 20-25 MB/s over UDP, improving a 1GB file transfer from 4 hours to just minutes. This solution leverages the stateless nature of the proxy and removes the dependence on TCP/IP for large data sharing between remote offices.
Domain Name System (DNS) - Domain Registration and Website Hosting Basics | Asif Shahzad
I teach a Web Technologies course at COMSATS University to undergrad students. These are lecture slides prepared for students. I thought to share them with all. Hope you would like them. They contain good enough details about how DNS, Hosting and Domain Registration work.
This document discusses availability options for SharePoint server farms. It begins by covering common causes of downtime in SharePoint like hardware failures, network issues, and human error. It then describes the limited high availability (HA) and disaster recovery (DR) capabilities that SharePoint has built-in, such as server redundancy and a secondary farm. Third-party options are presented as providing more robust protection than what is included with SharePoint, like rapid backup/recovery, replication, virtualization, and clustering. Neverfail is highlighted as a solution that can monitor entire SharePoint farms, enable automated failover across sites for HA and DR, and protect all SharePoint components through a single management interface. Determining the right availability solution involves
This document discusses VMware certifications, specifically the VCDX certification. It provides information on the different certification levels (VCA, VCP, VCAP, VCDX), requirements to achieve VCDX certification, how to prepare for the VCDX exam through bootcamps and resources, and the importance of virtual environment design. The document emphasizes that VCDX is an elite certification held by around 100 people worldwide, and achieving it involves obtaining lower certifications, having your design application approved, and successfully defending your design in an exam.
How to Optimize Microsoft Hyper-V Failover Cluster and Double Performance | StarWind Software
High availability in a virtualized workload may require sacrificing failover cluster performance. Using a virtualization-optimized approach to data storage and to virtual machine placement and protection will give you the desired performance boost.
The presentation shows how to:
- Achieve true Hyper-V cluster high availability with just 2 Hyper-V hosts and zero storage hardware
- Boost Hyper-V cluster performance by configuring automatic dynamic optimization
- Effectively track VM resource usage
- Save an extra 30% of Hyper-V cluster resources by utilizing agentless antivirus
CISCO presentation used during the SWITCHPOINT NV/SA Quarterly Experience Day... | SWITCHPOINT NV/SA
1. Cisco HyperFlex is Cisco's next generation hyperconverged infrastructure solution that provides a complete solution of computing, storage, and networking.
2. It uses a next generation data platform designed for distributed storage with features like inline deduplication and compression for efficiency as well as snapshots and clones for data services.
3. Cisco HyperFlex allows independent scaling of compute and storage, includes a highly available distributed file system, and provides a single point of management through Cisco UCS Manager for simplicity.
The document discusses clustering and high availability for Microsoft servers. It defines key clustering terms and describes four types of clustering: high performance computing, component load balancing, network load balancing, and server clustering. It provides an overview of clustering for Exchange Server and SQL Server, including requirements and configuration details.
HBaseConAsia2018 Track1-3: HBase at Xiaomi | Michael Stack
This document summarizes Xiaomi's implementation and use of HBase for data storage. It discusses Xiaomi's HBase clusters across multiple public cloud providers and data centers. It also describes Xiaomi's approaches to multi-tenancy, quota and throttling, synchronous replication between clusters, and high availability in the case of node or cluster failures. Synchronous replication provides stronger consistency guarantees but with some performance overhead compared to asynchronous replication.
Handling Data in Mega Scale Web SystemsVineet Gupta
The document discusses several challenges faced by large-scale web companies in managing enormous and rapidly growing amounts of data. It provides examples of architectures developed by companies like Google, Amazon, Facebook and others to distribute data and queries across thousands of servers. Key approaches discussed include distributed databases, data partitioning, replication, and eventual consistency.
The document discusses high availability and fault tolerance using Novell Cluster Services. It defines key concepts like availability, mean time between failures, and mean time to repair. It then covers best practices for deploying Novell Cluster Services, including hardware and software setup, connectivity rules, naming and addressing, and testing the cluster. It also discusses which types of resources can be clustered, like file sharing, iPrint, iFolder, and DHCP.
This document discusses distributed data center architectures and disaster recovery strategies. It begins by providing background on the evolution of data centers and then covers key aspects of distributed data center design like replication, high availability, and disaster recovery plans. The objectives of disaster recovery plans, such as recovery point and recovery time objectives, are explained. Different disaster recovery architectures like warm and hot standbys are also summarized.
The document discusses peer-to-peer and serverless networking models. It describes how clients in peer-to-peer networks can provide unused storage and computing resources. Examples of current peer-to-peer file sharing systems like BitTorrent are explained. The benefits of distributed and grid computing systems are discussed. Issues around security, privacy, and standards in peer-to-peer networks are also covered.
The FalconStor Network Storage Server (NSS) is a storage virtualization and data protection appliance. It provides virtualization and thin provisioning of storage for efficient utilization. The NSS also includes features for data replication, snapshots, and centralized management.
Storage, San And Business Continuity OverviewAlan McSweeney
The document provides an overview of storage systems and business continuity options. It discusses various types of storage including DAS, NAS and SAN. It then covers business continuity and disaster recovery strategies like replication, snapshots and mirroring. It also discusses how server virtualization can help improve disaster recovery.
WINDOWS SERVER JALAN INSTALASINYA DAN IMPLEMENTASINYAAditiaHamid1
The document discusses new features in Windows Server 2019 including Windows Admin Center, System Insight, Storage Migration Service, Storage Spaces Direct, and Storage Replica. It explains that Windows Admin Center is a browser-based tool for managing Windows servers and clients. Storage Migration Service allows migrating servers and data to new hardware or virtual machines. Storage Spaces Direct pools storage across servers for hyperconverged or converged deployments with options for mirroring or parity resiliency. Storage Replica enables replication of volumes for disaster recovery between servers or clusters.
The document discusses new features in Windows Server 2019 including Windows Admin Center, System Insight, Storage Migration Service, Storage Spaces Direct, and Storage Replica. It explains that Windows Admin Center is a browser-based tool for managing Windows servers and clients. Storage Migration Service allows migrating servers and data to new hardware or virtual machines. Storage Spaces Direct pools storage across servers for hyperconverged or converged deployments with options for mirroring or parity resiliency. Storage Replica enables replication of volumes for disaster recovery between servers or clusters.
This document discusses PlanDas Cache Cloud, a caching solution. It begins by covering concepts like availability, performance, reliability, and manageability as they relate to caching. It then discusses the differences between distributed and global caching approaches. The document outlines how caching can improve performance for web services and help address bottlenecks. It introduces the PlanDas Cache Cloud architecture, which uses consistent hashing for high availability. The document shows how the solution provides a global cache, multi-tenancy, and high performance. It also covers the web management interface and similarities to Redis APIs. Finally, it shares performance test results on AWS and physical machines that show throughput scaling as nodes are added.
The document discusses requirements and infrastructure considerations for setting up a large-scale eSobi site. It covers clustering, load balancing, failover, and session persistence strategies. The proposed infrastructure would be highly scalable and fault-tolerant with in-memory session replication and pluggable load balancing policies. A testing infrastructure is also recommended to ensure quality and reliability of the large-scale site.
VMworld Europe 2014: Virtual SAN Best Practices and Use CasesVMworld
This document provides an overview and agenda for a presentation on VMware Virtual SAN. It discusses key features of Virtual SAN including its software-defined storage approach and hybrid storage using SSD and HDD. Several use cases are reviewed like virtual desktop infrastructure, remote office/branch office, and DMZ/isolated environments. Best practices are also covered for various use cases around sizing, policies, and ready nodes. The document aims to introduce attendees to Virtual SAN capabilities and considerations for different deployment scenarios.
This document discusses strategies for handling large amounts of data in web applications. It begins by providing examples of how much data some large websites contain, ranging from terabytes to petabytes. It then covers various techniques for scaling data handling capabilities including vertical and horizontal scaling, replication, partitioning, consistency models, normalization, caching, and using different data engine types beyond relational databases. The key lessons are that data volumes continue growing rapidly, and a variety of techniques are needed to scale across servers, datacenters, and provide high performance and availability.
MySQL Cluster Carrier Grade Edition is a real-time database designed for the telecom industry that provides the flexibility of a relational database with the cost savings of open source. It is suited for large carriers and operators and uses a distributed, synchronous storage architecture with automated failover capability. It offers high performance, scalability and availability across geographies through asynchronous data replication between clusters.
Doble CPU y doble sistema operativo: Una solución NAS, SAN perfecta para tareas informáticas de alto rendimiento y almacenamiento, utilizando el sistema operativo QES o QTS
The document discusses data partitioning and distribution across multiple machines in a cluster. It explains that data replication does not scale well, but data partitioning, where each record exists on only one machine, allows write latency to scale with the number of machines in the cluster. Coherence provides a distributed cache that partitions data and offers functions for server-side processing near the data through tools like entry processors.
This document provides an overview of implementing affordable disaster recovery with Hyper-V and multi-site clustering. It discusses what constitutes a disaster, the key components needed which are a storage mechanism, replication mechanism, and target servers/cluster. It also covers clustering history, what a cluster is, and the important concept of quorum which determines a cluster's existence through voting of its members.
Technical Best Practices for Veritas and Microsoft Azure Using a Detailed Ref...Veritas Technologies LLC
Explore best practices around the following use cases related to the Microsoft Azure platform: Long-term retention of data in the cloud, migration of critical workloads including those running in VMware and Hyper-V, and resiliency of business services running in the cloud. Each of these scenarios are part of what Veritas 360 data management in the cloud can provide. Learn the best way to design, deploy, and manage within each of these scenarios on Azure, and gain key insights into how to avoid pitfalls of common practices and how to boost your cloud ROI – demonstrated via a reference architecture.
The document provides an overview of storage concepts including:
1) It defines online, nearline and offline storage and their characteristics.
2) It discusses the evolution of storage technologies from DAS to SAN and some advantages of SAN such as increased performance and scalability.
3) It describes some common storage components and technologies used in SAN implementations like HBAs, switches, fabrics and replication.
4. Benefits of a Multi-Site Cluster
Protects Against Loss of an Entire Datacenter
Power outage, fires, hurricanes, floods, earthquakes, terrorism
Automates Failover
Reduced downtime
Lower complexity of disaster recovery plan
Reduces Administrative Overhead
Automatically synchronize application and cluster changes
Easier to keep consistent than unclustered servers
What is the primary reason why disaster recovery solutions fail?
Dependence on People
7. Multi-Site Clustering Basics
2+ physically separate sites
1+ node at each site
Storage at each site with data replication
Application moves during a failover
[Diagram: Site A and Site B, each with its own SAN]
8. Redundancy Everywhere
2 or more computers (nodes)
2 NICs
3rd NIC for iSCSI
HBA
Fibre Channel (FC)
Serial Attached-SCSI (SAS)
Multipath IO (MPIO)
Redundant Storage Interconnects
Replicated Storage
OS, Service or Application HA Roles
9. Mix and Match Hardware
You Can Use Any Hardware Configuration if
Each component has a Windows Server 2008 / R2 logo
Servers, Storage, HBAs, MPIO, etc…
It passes Validate
It’s That Simple!
Connect your Windows Server 2008 / R2 logo’d hardware
Pass every test in Validate
It is now supported!
If you make a change, just run Validate again
Details: http://go.microsoft.com/fwlink/?LinkID=119949
10. FCCP
Failover Cluster Configuration Program
Windows Server 2008 / R2
Buy validated solutions
“Validated by Microsoft Failover Cluster Configuration Program”
Not required for Microsoft support, must be logo’d
More information:
http://www.microsoft.com/windowsserver2008/en/us/clustering-program.aspx
12. Cluster Validation and Replication
Multi-Site clusters are not required to pass the Storage tests to be supported
Validation guide and policy: http://go.microsoft.com/fwlink/?LinkID=119949
14. Why is Replication Needed?
Loss of a site won’t cause complete data loss
Data must exist on other site after a failover
Different storage needs than local clusters
Multiple storage arrays, independent on each site
Nodes usually access local site’s storage first
[Diagram: changes are made on Site A and replicated to Site B (replica)]
15. Replication Solutions
Replication Levels
Hardware (block level) storage-based replication
Software (file system level) host-based replication
Application-based replication
Exchange Server 2007 CCR
Replication Types
Synchronous
Asynchronous
A data replication mechanism between sites is needed
16. Synchronous Replication
Host receives “write complete” response from the storage after the data is successfully written on both storage devices
[Diagram: Primary Storage and Secondary Storage; labels Write Request, Replication, Acknowledgement, Write Complete]
17. Asynchronous Replication
Host receives “write complete” response from the storage after the data is successfully written to the primary storage device
[Diagram: Primary Storage and Secondary Storage; labels Write Request, Write Complete, Replication]
18. Synchronous vs. Asynchronous
Synchronous | Asynchronous
No data loss | Potential data loss on hard failures
Requires high bandwidth/low latency connection | Enough bandwidth to keep up with data replication
Stretches over shorter distances | Stretches over longer distances
Write latencies impact application performance | No significant impact on application performance
19. What About DFS-Replication?
DFS-R performs replication on file close
Some file types stay open for a very long time
VHDs for Virtual Machines
Databases for SQL Server
Data could be lost during a failover if it had not yet replicated
Using DFS-R to replicate the cluster disk’s data in a multi-site Failover Cluster is not supported
20. Resource Dependencies
Establishes start order timing
Group determines smallest unit of failover
[Diagram: Resource Group containing Workload Resource (example File Server), Network Name Resource, IP Address Resources*, Custom Resource (manages replication) and Disk Resource, linked by “depends on” relationships]
22. Network Considerations
Cluster nodes can reside in different subnets (2008/R2)
No need to connect nodes with VLANs
[Diagram: Site A and Site B on a Public Network and a Separate Network; addresses 10.10.10.1, 20.20.20.1, 30.30.30.1, 40.40.40.1]
23. Stretching the Network
Longer distance means greater network latency
Too many missed health checks can cause false failover
Fully configurable in 2008/R2
Failover Clustering has NO DISTANCE & NO SUBNET LIMITATIONS
Check if your vendor’s hardware / replication has limitations
SameSubnetDelay (default = 1 second)
Frequency heartbeats are sent
SameSubnetThreshold (default = 5 heartbeats)
Missed heartbeats before an interface is considered down
CrossSubnetDelay (default = 1 second)
Frequency heartbeats are sent to nodes on dissimilar subnets
CrossSubnetThreshold (default = 5 heartbeats)
Missed heartbeats before an interface is considered down to nodes on dissimilar subnets
Command Line: Cluster.exe /prop
PowerShell (R2): Get-Cluster | fl *
24. Security Over the WAN
Improved Security
Prevent Clients from Connecting to Networks
Encrypt Intra-cluster Traffic
0 = clear text
1 = signed (default)
2 = encrypted
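An added example, not part of the original deck: a PowerShell review of the cluster-wide properties behind slides 23 and 24. It assumes a Windows Server 2008 R2 or later node with the FailoverClusters module; `SecurityLevel` is the cluster property that holds the 0/1/2 values listed above, the network `Role` property controls whether clients may use a network, the heartbeat delays are stored in milliseconds, and the tuning values in the commented lines are constructed placeholders.

```powershell
# Added example: review WAN-related settings on a multi-site cluster.
# Assumes it runs on a cluster node with the FailoverClusters module (2008 R2+).
Import-Module FailoverClusters

$cluster = Get-Cluster

# Heartbeat settings. Delays are stored in milliseconds (1000 = 1 second).
$cluster | Format-List Name, SameSubnetDelay, SameSubnetThreshold,
    CrossSubnetDelay, CrossSubnetThreshold

# Time without heartbeats before a cross-subnet interface is considered down.
$windowMs = $cluster.CrossSubnetDelay * $cluster.CrossSubnetThreshold
Write-Output "Cross-subnet detection window: $windowMs ms"

# Constructed example values for a high-latency link; check vendor limits first.
# $cluster.CrossSubnetDelay     = 2000
# $cluster.CrossSubnetThreshold = 10

# Intra-cluster traffic: 0 = clear text, 1 = signed (default), 2 = encrypted.
$labels = @{ 0 = 'clear text'; 1 = 'signed'; 2 = 'encrypted' }
$level  = [int]$cluster.SecurityLevel
Write-Output "SecurityLevel: $level ($($labels[$level]))"
if ($level -lt 2) {
    Write-Warning 'Cluster traffic crossing the WAN is not encrypted.'
    # $cluster.SecurityLevel = 2    # uncomment to encrypt intra-cluster traffic
}

# Network roles: 0 = not used by the cluster, 1 = cluster only,
# 3 = cluster and client. Role 1 keeps clients off a network.
foreach ($net in Get-ClusterNetwork) {
    $role = [int]$net.Role
    Write-Output ("{0,-25} {1,-16} Role={2}" -f $net.Name, $net.Address, $role)
    if ($role -eq 3) {
        Write-Warning "Clients can connect through '$($net.Name)'."
        # $net.Role = 1    # uncomment for networks that must carry cluster traffic only
    }
}
```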
25. Enhanced Dependencies – OR
Network Name resource stays up if either IP Address Resource A OR IP Address Resource B is up
[Diagram: Network Name Resource depending on IP Address Resource A OR IP Address Resource B]
26. Resource Dependencies
[Diagram: Workload Resource (example File Server), Network Name Resource, IP Address Resources A (comes online on site A) OR IP Address Resources B (comes online on site B), Custom App (replication), Disk Resource]
28. DNS Updates
Nodes in dissimilar subnets
Failover changes resource’s IP Address
Clients need that new IP Address from DNS to reconnect
[Diagram: Site A (10.10.10.111, DNS Server 1) and Site B (20.20.20.222, DNS Server 2) linked by DNS Replication; labels Record Created, Record Updated, Record Obtained, FS = 10.10.10.111, FS = 20.20.20.222]
29. Network Name Properties
RegisterAllProvidersIP (default = 0 for FALSE)
Determines if all IP Addresses for a Network Name will be registered by DNS
TRUE (1): IP Addresses can be online or offline and will still be registered
Ensure application is set to try all IP Addresses, so clients can come online quicker
HostRecordTTL (default = 1200 seconds)
Controls time the DNS record lives on client for a cluster network name
Shorter TTL: DNS records for clients updated sooner
Exchange Server 2007 recommends a value of five minutes (300 seconds)
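The settings from slides 25 to 29 applied to one Network Name resource, as an added example that is not from the original deck. The resource names `FS`, `IP Address A` and `IP Address B` are hypothetical; `Set-ClusterResourceDependency` and `Set-ClusterParameter` are FailoverClusters cmdlets, and the TTL of 300 seconds is the Exchange Server 2007 figure quoted above.

```powershell
# Added example: prepare a Network Name for faster cross-subnet failover.
# Resource names below are hypothetical; substitute your own.
Import-Module FailoverClusters

$netName = 'FS'
$ipSiteA = 'IP Address A'
$ipSiteB = 'IP Address B'

# 'OR' dependency: the name stays up if either site's IP address is online.
Set-ClusterResourceDependency -Resource $netName `
    -Dependency "[$ipSiteA] or [$ipSiteB]"
Get-ClusterResourceDependency -Resource $netName

$res = Get-ClusterResource -Name $netName

# Register every IP address of the name in DNS, online or offline.
# Only useful when clients try all returned addresses.
$res | Set-ClusterParameter -Name RegisterAllProvidersIP -Value 1

# Shorten the client-side lifetime of the DNS record (default 1200 seconds).
$res | Set-ClusterParameter -Name HostRecordTTL -Value 300

# Show the stored values.
$res | Get-ClusterParameter |
    Where-Object { 'RegisterAllProvidersIP', 'HostRecordTTL' -contains $_.Name } |
    Format-Table Name, Value -AutoSize

# The new values apply after the Network Name resource is cycled.
# Resources that depend on the name go offline with it, so the whole
# group is brought back online. Run this in a maintenance window.
Stop-ClusterResource -Name $netName
Start-ClusterGroup -Name $res.OwnerGroup.Name
```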
30. Local Failover First
Local failover first
No change in IP Address
Cross-site failover for disaster recovery
[Diagram: Site A with DNS Server 1 and Site B with DNS Server 2; addresses 10.10.10.111 and 20.20.20.222; records FS = 10.10.10.111 and FS = 20.20.20.222]
31. Failover Order
Preferred Owners
Local failover first
Possible Owners Always Enforced
Resource will not start on non-possible owner
AntiAffinityClassNames
Groups with same AACN try to avoid moving to same node
http://msdn.microsoft.com/en-us/library/aa369651(VS.85).aspx
32. Virtual LAN (VLAN)
Deploying a VLAN minimizes client reconnection times
Can be harder to configure
Required for SQL & live migration
[Diagram: Site A with DNS Server 1 and Site B with DNS Server 2, joined by a VLAN; address 10.10.10.111; record FS = 10.10.10.111]
35. Quorum Overview
4 Quorum Types:
Node majority
Node and File Share majority
Disk only (not recommended)
Node and Disk majority
Majority is greater than 50%
Possible Voters:
Nodes (1 each), Disk Witness (1 max), File Share Witness (1 max)
36. Node and Disk Majority
Nodes get 1 vote each and Disk gets vote
Loss of disk or node OK if majority is maintained
Do not use in multi-site clusters unless directed by vendor
[Diagram: nodes and disk each casting a vote; replicated storage from vendor shown with a question mark]
37. Node Majority
5 Node Cluster: Majority = 3
Majority in Primary Site
Cross site network connectivity broken!
Can I communicate with majority of the nodes in the cluster? Yes, then Stay Up
Can I communicate with majority of the nodes in the cluster? No, drop out of Cluster Membership
[Diagram: Site A and Site B, each with a SAN]
38. Node Majority
5 Node Cluster: Majority = 3
Majority in Primary Site
Disaster at Site 1
We are down!
Can I communicate with majority of the nodes in the cluster? No, drop out of Cluster Membership
[Diagram: Site A and Site B, each with a SAN]
39. Forcing Quorum
Always understand why quorum was lost
Used to bring cluster online without quorum
Cluster starts in a special “forced” state
Once majority achieved, no more “forced” state
Command line:
net start clussvc /forcequorum (or /fq)
PowerShell (R2):
Start-ClusterNode -FixQuorum (or -fq)
40. Multi-Site With File Share Witness
Complete resiliency and automatic recovery from the loss of any 1 site
[Diagram: FooCluster1 with Site A and Site B, each with a SAN and replicated storage from vendor, connected over the WAN, and a File Share Witness at Site C]
41. Multi-Site With File Share Witness
Complete resiliency and automatic recovery from the loss of any 1 site
[Diagram: same layout as slide 40]
42. Multi-Site With File Share Witness
Complete resiliency and automatic recovery from the loss of the File Share Witness
[Diagram: same layout as slide 40]
43. FSW Considerations
Simple Windows File Server
Needs to be in the same forest
Running Windows Server® 2003, 2008 or 2008 R2
Recommended to be at 3rd separate site
Single file server can serve as a witness for multiple clusters
Each cluster requires its own share
Can be clustered in a second cluster
FSW cannot be on a node in the same cluster
It is an additional voter for free (almost)
45. Quorum Model Summary
No Majority: Disk Only
Not Recommended
Only use as directed by vendor
Node and Disk Majority
Only use as directed by vendor
Node Majority
Odd number of nodes
Node and File Share Majority
Best availability solution
Recommended for Exchange Server 2007 CCR
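The vote arithmetic behind slides 35 to 45, as an added example that is not from the original deck. The function names and the node layouts are constructed for illustration, the witness is assumed to sit at a third site, and the code needs no cluster to run.

```powershell
# Added example: which site losses a quorum layout survives.
# Majority means strictly more than 50% of all configured votes.
function Test-Majority {
    param([int]$Reachable, [int]$Total)
    return (($Reachable * 2) -gt $Total)
}

function Get-QuorumOutcome {
    param([int]$SiteA, [int]$SiteB, [switch]$FileShareWitness)

    $witness = 0
    if ($FileShareWitness) { $witness = 1 }   # one vote, hosted at a third site
    $total = $SiteA + $SiteB + $witness

    # Votes still reachable by the survivors in each failure case.
    $cases = @(
        @('Site A lost', ($SiteB + $witness)),
        @('Site B lost', ($SiteA + $witness))
    )
    if ($FileShareWitness) {
        $cases += , @('Witness site lost', ($SiteA + $SiteB))
    }

    foreach ($case in $cases) {
        New-Object PSObject -Property @{
            Scenario = $case[0]
            Votes    = "$($case[1]) of $total"
            Quorum   = Test-Majority -Reachable $case[1] -Total $total
        } | Select-Object Scenario, Votes, Quorum
    }
}

# Node Majority layout from slides 37 and 38: 5 nodes, 3 of them in Site A.
Get-QuorumOutcome -SiteA 3 -SiteB 2

# Node and File Share Majority layout from slides 40 to 42:
# 2 + 2 nodes plus a witness at a third site.
Get-QuorumOutcome -SiteA 2 -SiteB 2 -FileShareWitness
```

The first layout loses quorum when the site holding three nodes is lost, which is the case where a forced quorum start is needed; the second keeps quorum through the loss of any one site.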
47. Cluster your Branch Offices
Cluster several standalone File Servers from branch offices
Keep network traffic low
High-Availability for the files
Redundancy for the data
[Diagram: Site A and Site B; clients primarily accessing applications in Site A, and clients primarily accessing applications in Site B]
48. Multi-Site Across the Enterprise
More distributed cluster nodes & clusters gives higher availability
Complete resiliency and automatic failover
Remember your quorum model
Loss of any single site should not bring down the cluster
File Share Witness
1 File Server hosts all File Share Witnesses for multiple clusters
Make it highly-available
Separate site
Not a node in that same cluster
[Diagram: Cluster 1 (Site 1, Site 2); Cluster 2 (Main Office, Branch 1, Branch 2); Cluster 3 (many FSWs)]
49. Multi-Site Clustering Review
4, 6, 8… nodes + FSW = odd # votes
Local failover first (preferred owner)
Site failover second (possible owner)
AntiAffinityClassNames
Faster DNS Updates
Register all IPs for a Network Name
Shorten client’s DNS record TTL
Ensure application tries all IPs
Encrypt WAN traffic for security
Adjust health checks for latency
Configure ‘OR’ dependencies
[Diagram: Site A and Site B, each with a SAN and replicated storage from vendor, connected over the WAN, with a File Share Witness at Site C]
50. Session Summary
Multi-Site Failover Clustering has many benefits
Variety of hardware options & configurations
Redundancy is needed everywhere
Understand your replication needs
Compare VLANs with multiple subnets
Plan your quorum model & nodes before deployment
Follow the checklist and best practices
http://technet.microsoft.com/en-us/library/dd197546.aspx
51. Are You Up For a Challenge?
Become a Cluster MVP!
Contact: ClusMVP@microsoft.com
Passion for High Availability?
53. Resources
www.microsoft.com/teched: Sessions On-Demand & Community
http://microsoft.com/technet: Resources for IT Professionals
http://microsoft.com/msdn: Resources for Developers
www.microsoft.com/learning: Microsoft Certification & Training Resources
54. Related Content
Breakout Sessions
WSV310 Failover Clustering Feature Roadmap for Windows Server 2008 R2
WSV313 Innovating High Availability with Cluster Shared Volumes (CSV)
WSV316 Multi-Site Clustering with Windows Server 2008 Enterprise
VIR311 From Zero to Live Migration. How to Set Up a Live Migration
DAT302 All You Need to Know about Microsoft SQL Server 2008 Failover Clusters
DAT306 Building a HA Strategy for Your Enterprise Using Microsoft SQL Server 2008
DAT322 Tips and Tricks for Successful Database Mirroring Deployments with Microsoft SQL Server
WSV311 High Availability and Disaster Recovery Considerations for Hyper-V
WSV315 Implementing Hyper-V on Clusters (High Availability)
UNC313 High Availability in Microsoft Exchange Server "14"
UNC402 Microsoft Exchange Server 2007 HA and Disaster Recovery Deep Dive
BOF52 Microsoft Exchange Server 2007 HA and Disaster Recovery: Are You Prepared?
Interactive Sessions
WSV01-INT Failover Clustering Unleashed with Windows Server 2008 R2
UNC02-INT Designing Microsoft Exchange Server "14" High Availability Solutions
Hands on Labs
WSV16-HOL Windows Server 2008 R2: Failover Clustering
VIR03-HOL Implementing Windows Server 2008 Hyper-V HA and Quick Migration
DAT12-HOL Microsoft SQL Server 2008 Database Mirroring, Part 1
DAT13-HOL Microsoft SQL Server 2008 Database Mirroring, Part 2
UNC12-HOL Microsoft Exchange Server "14" High Availability and Storage Scenarios
55. Track Resources
Cluster Team Blog: http://blogs.msdn.com/clustering/
Cluster Information Portal:
http://www.microsoft.com/windowsserver2008/en/us/clustering-home.aspx
Clustering Technical Resources:
http://www.microsoft.com/windowsserver2008/en/us/clustering-resources.aspx
Clustering Forum (2008):
http://forums.technet.microsoft.com/en-US/winserverClustering/threads/
Clustering Forum (2008 R2): http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2highavailability/threads/
Clustering Newsgroup: http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.windows.server.clustering
Failover Clustering Deployment Guide: http://technet.microsoft.com/en-us/library/dd197477.aspx
TechNet: Configure a Service or Application for High Availability:
http://technet.microsoft.com/en-us/library/cc732478.aspx
TechNet: Installing a Failover Cluster: http://technet.microsoft.com/en-us/library/cc772178.aspx
TechNet: Creating a Failover Cluster: http://technet.microsoft.com/en-us/library/cc755009.aspx
Webcast (2008 R2): Introduction to Failover Clustering:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032407190&Culture=en-US
Webcast (2008 R2): HA Basics with Hyper-V:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032407222&Culture=en-US
Webcast (2008 R2): Cluster Shared Volumes (CSV):
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032407238&Culture=en-US
56. Windows Server Resources
Make sure you pick up your copy of Windows Server 2008 R2 RC from the Materials Distribution Counter
Learn More about Windows Server 2008 R2:
www.microsoft.com/WindowsServer2008R2
Technical Learning Center (Orange Section):
Highlighting Windows Server 2008 and R2 technologies
• Over 15 booths and experts from Microsoft and our partners