Create Failover cluster and SSO cluster on Azure VMs

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

This blog is a step to step guide on how to create failover cluster and SSO cluster on Azure VMs.

 

 

Create the Azure VMs, and configure the domain

 

  1. First we need to create VMs for cluster. In this example I have created one node as the domain controller, two SQL server nodes, and one Biztalk server node on Azure. For DC and BTS node we can just select Windows (Windows Server 2019 Datacenter). For SQL servers we can select the SQL Server 2019 Enterprise on Windows Server 2019 image.  These VMs are configured to be in the same domain.
  2. In this example the domain name is: hl.test

 

Create the SQL nodes

huidongliu_0-1669712383232.png

 

For the disk, select the premium SSD

huidongliu_1-1669712383242.png

 

 

Configure the storage for SQL servers

huidongliu_2-1669712383267.png

 

Create the Failover Cluster on SQL nodes

 

  1. On each SQL node, open Server Manager, select "Add Roles and Features".

huidongliu_0-1669713137840.png

 

  1. Select "Role-based or feature-based installation"

huidongliu_1-1669713137855.png

 

  1. Select the node

huidongliu_2-1669713137871.png

 

  1. Next

huidongliu_3-1669713137891.png

 

  1. Select "Failover Clustering" and failover clustering tools

huidongliu_4-1669713137911.png

 

  1. Select the following features:

huidongliu_5-1669713137933.png

 

  1. Once created and restarted, open failover cluster manager, and run validate configuration

huidongliu_6-1669713137943.png

 

 

huidongliu_7-1669713137947.png

 

huidongliu_8-1669713137952.png

 

 

huidongliu_9-1669713137957.png

 

 

  1. View Report

huidongliu_10-1669713137961.png

 

For Azure VMs it is normal to have the following warnings since we have not configured any disks yet.

huidongliu_11-1669713137967.png

 

 

huidongliu_12-1669713137974.png

 

huidongliu_13-1669713137980.png

 

  1. Go back to failover cluster manager, right-click and select "Create cluster..."

huidongliu_14-1669713137983.png

 

Select the two SQL nodes

huidongliu_15-1669713137985.png

 

Give the cluster a name, and an IP address that does not overlap with any existing IPs in this domain.

huidongliu_16-1669713137989.png

 

huidongliu_17-1669713137991.png

 

huidongliu_18-1669713137994.png

 

  1. Once the cluster is created, you are able to see it in the Failover cluster manager

huidongliu_19-1669713138004.png

 

huidongliu_20-1669713138006.png

 

Create storage

There are two ways to create the storage:

 

 

  1. To create the Azure share disk, first Deploy a managed Premium SSD disk with the shared disk feature enabled, and then attach the disk to VMs.  

In the VMs, go to Disks, select create and attach a new disk, choose the Premium SSD and the size you need. A new disk will be created. In my example the sql00_DataDisk_0 and sql00_DataDisk_1 are created when I deployed the SQL VM, you can use as shared disk or create a new shared disk and attach it to all the nodes.

 

huidongliu_0-1669713257157.png

 

Detach the disk first, and change the configuration of the disk to Enable shared disk, and max shares to the number of the nodes in your cluster.

huidongliu_1-1669713257169.png

 

 

Attach the disk again to both VMs.

huidongliu_2-1669713257188.png

 

  1. Initialize shared disk

From inside the VM, open the Start menu and type diskmgmt.msc in the search box to open the Disk Management console.

Disk Management recognizes that you have a new, uninitialized disk and the Initialize Disk window appears.

 

huidongliu_3-1669713257194.png

 

Verify the new disk is selected and then select OK to initialize it.

The new disk appears as unallocated. Right-click anywhere on the disk and select New simple volume. The New Simple Volume Wizard window opens.

huidongliu_4-1669713257202.png

 

Proceed through the wizard, keeping all of the defaults, and it will ask you to Format new disk. When the formatting is complete, select OK.

huidongliu_5-1669713257208.png

 

Repeat these steps on each SQL Server VM that will participate in the FCI.

 

Add shared disks to cluster

 

On the failover cluster manager, select storage->Disks, right-click and select Add Disk

huidongliu_6-1669713301728.png

 

Choose the Azure shared disk showed in the window

huidongliu_7-1669713301729.png

 

Failover cluster installation on SQL server

 

  1. On the first SQL node, open SQL server installation center, select "New SQL Server failover cluster installation", and follow the steps to install a New SQL server failover cluster.
  2. Locate the installation media. If the virtual machine uses one of the Azure Marketplace images, the media is located at C:\SQLServer_<version number>_Full.

huidongliu_8-1669713344021.png

 

 

huidongliu_9-1669713344029.png

 

 

huidongliu_10-1669713344036.png

 

huidongliu_11-1669713344043.png

 

 

huidongliu_12-1669713344051.png

 

 

  1. Check data and log drive

huidongliu_13-1669713344058.png

 

 

  1. Create and IP address for the SQL failover cluster, which does not overlap with existing IPs in the same domain. And please also make sure this IP address is within the same subnet and VNET of the Azure VMs.

huidongliu_14-1669713344064.png

 

  1. Complete the installation. Specifics are in the screenshot

huidongliu_15-1669713344074.png

 

 

huidongliu_16-1669713344080.png

 

On the Database Engine Configuration page, ensure the database directories are on the Azure shared disk(s).

huidongliu_17-1669713344088.png

 

 

huidongliu_18-1669713344094.png

 

 

huidongliu_19-1669713344099.png

 

 

huidongliu_20-1669713344104.png

 

 

  1. On the second node, select "Add node to a SQL server failover cluster"

huidongliu_21-1669713344109.png

 

 

huidongliu_22-1669713344112.png

 

 

huidongliu_23-1669713344117.png

 

 

huidongliu_24-1669713344121.png

 

 

huidongliu_25-1669713344125.png

 

  1. After installation is done, there is a SQL cluster role created. You can check the resources on Failover Cluster Manager.

huidongliu_26-1669713344129.png

 

 

Create a load balancer

 

Usually for on-prem VMs, the cluster is ready for use at this point. However for Azure VMs, in order for the cluster IP to be reached over the network, we need to create a load balancer and set up rules to make the IP address accessible.

  1. In the same Azure resource group, create a load balancer, select the standard SKU, same regions as the VNET. For type, select “Internal

huidongliu_0-1669713521581.png

 

  1. Add a frontend IP address. The IP is the SQL cluster IP.

huidongliu_1-1669713521586.png

 

  1. Create the backend pool, choose the two Azure VMs

huidongliu_2-1669713521595.png

 

  1. Create the health probe, with TCP protocol. For port give it a unique port number like 59999. Set interval to be 5 seconds and unhealthy threshold to be 2.

huidongliu_3-1669713521598.png

 

  1. Add a load balancing rule:

In my test case, I used the Dynamic port and in the load balancing rule I used “HA ports

Use HA ports if the SQL TCP port is Dynamic

huidongliu_4-1669713521602.png

 

huidongliu_5-1669713521614.png

If you use static port, then specify the port number 1433 in the load balancer rule.

 

huidongliu_6-1669713521628.png

 

huidongliu_7-1669713521632.png

 

  1. Go back to VM: Run this script in powershell, the $ClusterNetworkName can be found in the Networks tab in the Failover cluster, and the $IPResourceName can be found by double clicking the IP address of the SQL cluster.

 

 

 

 

 

 

$ClusterNetworkName = "Cluster Network 1" $IPResourceName="SQL IP Address 1 (SQLFCI)" $ILBIP="10.1.0.12" [int]$ProbePort = 59999 Import-Module FailoverClusters Get-ClusterResource $IPResourceName | Set-ClusterParameter -Multiple @{"Address"= "$ILBIP";"ProbePort"=$ProbePort;"SubnetMask" ="255.255.255.255";"Network"="$ClusterNetworkName";"EnableDhcp"=0} Get-ClusterResource "SQL IP Address 1 (SQLFCI)"| Get-ClusterParameter

 

 

 

 

 

 

 

 

huidongliu_8-1669713521639.png

 

 

huidongliu_9-1669713521647.png

 

 

       Run the script to configure the port  for the cluster.

huidongliu_10-1669713521680.png

 

Then we just need to take the FCI offline and online by fail it over to another node

 

Also please make sure to add firewall rules to allow inbound for TCP and UDP ports

Click windows->search for run-> type wf.msc

 

If you use dynamic port then we need to allow inbound ports for

  • TCP all ports
  • UDP all ports

huidongliu_11-1669713521684.png

 

Install SSO on SQL server

 

  1. Install BizTalk SSO component on active sql node

huidongliu_0-1669713617374.png

 

  1. Configure the SSO on the active node. Create new SSO system.

huidongliu_1-1669713617379.png

 

 

huidongliu_2-1669713617384.png

 

 

huidongliu_3-1669713617387.png

 

  1. Install and configure SSO on second SQL node, join an existing SSO system.

huidongliu_4-1669713617392.png

 

huidongliu_5-1669713617397.png

 

Update the master secret server name in the SSO database

 

On the active node, type in cmd to stop and start the ENTSSO

 

 

 

 

net stop entsso net start entsso

 

 

 

 

 

 

 

Paste the following code in a text editor, then save the file as an .xml file. For example, save the file as SSOCLUSTER.xml.

 

 

 

 

 

 

<sso> <globalInfo> <secretServer>ENTSSO</secretServer> </globalInfo> </sso>

 

 

 

 

 

 

In cmd, cd to C:\Program Files\Common Files\Enterprise Single Sign-On, and then run

 

 

 

 

 

ssomanage -updatedb XMLFile

 

 

 

 

 

The Master Secret Server Name is updated to “ENTSSO”

huidongliu_6-1669713670782.png

 

Create the clustered Enterprise SSO resource

 

  1. Go to Failover cluster manager->Configure a role->Generic Service

huidongliu_7-1669713736986.png

 

 

  1. Select Enterprise Single Sign-On Service

huidongliu_8-1669713736992.png

 

 

  1. Give the cluster a name and an IP address that does not overlap with any IP in this network.

huidongliu_9-1669713736997.png

 

  1. Click next for the following steps

huidongliu_10-1669713737001.png

 

huidongliu_11-1669713737005.png

 

 

huidongliu_12-1669713737009.png

 

  1. The SSO cluster role is created

huidongliu_13-1669713737017.png

 

  1. Now move ENTSSO role to the secode node, copy the bak file for the first node to the second node. Restore the secret on the second node,  if the restore/backup menu is gray, disable and enable the system to allow backup and restore.

huidongliu_14-1669713737036.png

 

 

 

huidongliu_15-1669713737058.png

 

 

  1.  Check the ENTSSO settings on the active node

huidongliu_16-1669713737065.png

On the second node:

huidongliu_17-1669713737069.png

Configure ENTSSO on Azure LB

 

  1. Add a frontend IP address which is the SSO IP 

huidongliu_0-1669713805032.png

 

  1. We do not need to add a backend pool and can use the same backend pool as the failover cluster. Then create a new health probe, and give a port number 60005

huidongliu_1-1669713805044.png

 

  1. Add load balancing rule

If you are using the fixed the SSO port, add the rule for the port 135, and each rule for each of the higher fixed port number.

 

huidongliu_2-1669713805062.png

You can use a higher fixed port for SQL and SSO cluster, you can test with 30000 range ports.

 

  • 30000 : EntSSO port
  • 30001 : local MSDTC port
  • 30002 : clustered MSDTC port #1
  • 30003 : clustered MSDTC port #2 (if more clustered SQL instances, usually customers have 2 SQL instances at least)
  • 30010 : clustered SQL port #1 (1st SQL instance)
  • 30011 : clustered SQL port #2 (2nd SQL instance)

huidongliu_3-1669713805069.png

 

huidongliu_4-1669713805085.png

If you are not sure which port ENTSSO is using, choose HA ports. In my case, I used the HA ports, and this is the only LB rule for SSO, and I did not open a range of ports and create extra rules for each of the port. This config is done differently than the reference above.

 

huidongliu_5-1669713805097.png

 

 

  1. On the active node of the SSO cluster, make sure to also execute this PowerShell-script, to set several cluster-parameters for this SSO-role, similar as what have been done for the SQL-roles. This time fill in the IP-address and name used for the SSO-cluster.

This command only has to be executed on a single node within the cluster, as this will connect the load balancer’s health probe, as configured in the Azure Portal, to this cluster role.

 

 

 

 

 

$ClusterNetworkName = "Cluster Network 1" $IPResourceName="IP Address 10.1.0.13" $ILBIP="10.1.0.13" [int]$ProbePort = 60005 Import-Module FailoverClusters Get-ClusterResource $IPResourceName | Set-ClusterParameter -Multiple @{"Address"= "$ILBIP";"ProbePort"=$ProbePort;"SubnetMask" ="255.255.255.255";"Network"="$ClusterNetworkName";"EnableDhcp"=0} Get-ClusterResource "IP Address 10.1.0.13" | Get-ClusterParameter

 

 

 

 

 

huidongliu_6-1669713805121.png

 

  1. Now I am able to ping this IP or cluster name from the BTS server

huidongliu_7-1669713805123.png

 

Install BizTalk on the BizTalk node

 

 

huidongliu_8-1669713866039.png

 

  1. You can either create a new SSO or join the existing SSO system. I have tested both approach and they all works.

Create new SSO

huidongliu_9-1669713866046.png

 

Or join existing SSO

huidongliu_10-1669713866051.png

 

  1. Then configure the Group and Runtime

huidongliu_11-1669713866062.png

 

huidongliu_12-1669713866069.png

 

huidongliu_13-1669713866074.png

 

huidongliu_14-1669713866077.png

 

On the BizTalk server, after configuration, SSO is running. If you created a new SSO, it would look like this.

 

huidongliu_15-1669713866083.png

 

 If you joined the existing SSO, which is “ENTSSO” in our case, it will look like this:

 

huidongliu_16-1669713866089.png

 

Test the BizTalk

 

  1. I configured a receive location and send port, connecting the cluster DB, no errors

huidongliu_17-1669713900550.png

 

 

huidongliu_18-1669713900554.png

 

 

huidongliu_19-1669713900559.png

 

 

huidongliu_20-1669713900562.png

 

  1. I also tested a File receive location and send port. It is working properly.

huidongliu_21-1669713900565.png

 

Now we have created a Failover and SSO cluster on Azure VMs and BizTalk is able to run on another VM and able to communicate with the cluster. 

 

References:

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.