The witness is an arbitrator entity residing in a 3rd site (separate from the two InfiniBox systems involved in Active-Active replication), that acts as quorum in case of failure. It is a lightweight stateless software deployed as a VM. 

When a replication failure occurs, the decision which system remains active is based on the witness' connectivity to the systems and each replica properties. As long as both systems can communicate with the witness, it will make the take-over decisions.

A witness VM can serve up to 25 InfiniBox systems.

For more information about the witness role in Active-Active replication, see Active-Active replication

This guide will go through the deployment and setup of the witness VM.

Infinidat strongly recommends that you use a witness system when you deploy Active-Active replication.

Should you want to use Active-Active replication without a witness, enter the witness address as Be advised that if you choose this method, if the preferred system goes offline, the replicated volumes will also go offline.

Downloading the witness VM

Download the witness latest OVA package from

The witness OVA package is about 700MB.


General Requirements

The witness should be installed on a 3rd site, acting as a separate failure domain from the InfiniBox systems it monitors

The witness has the following virtual HW requirements

  • 2 virtual CPU cores
  • 4GB RAM
  • 50GB virtual disk (with 10ms max latency for small writes)

Access to the witness console is authenticated

  • The default user name is admin and the default password is admin 
  • It is recommended to modify the password after installing the witness

Network Requirements

The witness requires a single IP address, which can be configured via DHCP (default) or manually.

The InfiniBox systems communicate with the witness IP address on TCP port 443. Occasionally, when troubleshooting issues, Infinidat support may need access from the InfiniBox system to the witness via SSH (i.e. on TCP port 22) and ICMP. 

Verify that the firewall, if it exists, allows access from the three InfiniBox node IP addresses to the witness IP address on these ports.

VMware vSphere Requirements

The witness must be installed on vSphere version 5.1 or newer

In order to improve the witness resilience

  • It is highly recommended that the vSphere host network connection will be redundant
  • It is recommended that the vSphere host will be in a vSphere H/A Cluster

Additional restrictions

  • The witness VM datastore cannot reside on any of the InfiniBox systems it is monitoring
  • The witness VM cannot be replicated or restored from a snapshot  

Deploying a witness VM

Deploying a witness VM on VMware vSphere

Launch VMware vSphere Client, and select “Deploy OVF Template...”

Choose the downloaded OVA:


Follow the deployment wizard to specify the witness VM name, folder location, vSphere host or cluster

When the VM details appear, acknowledge the extra configuration:

Continue to choose storage for the VM and a network.

When choosing the storage location, do not choose a storage hosted on any InfiniBox system this witness will be protecting. 

Configuring the witness 

Configuring the witness network

Once the VM import is complete, power on the VM and open the console to configure the network settings.

To login to the witness CLI for the first time, use the user admin with the initial password admin. The witness requires you change the password immediately:

When prompted to change the password, please enter the initial admin password at the (current) UNIX password prompt, and then enter the new password.

Once you logged-in to the witness, setup is very simple. The commands available:

change_hostnameChange the witness hostname
network_setup Set up a static IP or DHCP
network_info Show the static IP or the DHCP info
passwd Change the witness admin password
version Show the current witness version, -d will give additional version info

At any point you can use the help command to see the available options:

Use the network_setup command to setup the network configuration of the witness:

After setting up the witness network it can be connected to the InfiniBox systems replication link.

See InfiniBox Best Practices Guide for Setting up the Replication Service for more information regarding network setup.

Upgrading the witness 

 We recommend using the latest witness version. It is in the same major release as the InfiniBox systems. 

If the InfiniBox systems have different major releases, use the latest version.

Upgrading procedure

Upgrading the witness requires installing the new witness on a new virtual machine (VM), and taking down the old witness if it is no longer needed.

There are 2 options for defining a new witness:

Option 1: Keep existing witness IP

  1. Take down the old witness VM. Replication will continue in Preferred only mode.
  2. Install the new witness on a new VM with the existing IP. Make sure that systems can access the new VM.

The systems will automatically detect that a witness is now available and return to "witness" mode.

Option 2: Use a new witness IP

  1. Install the new witness on a new VM with a new IP. Make sure that the new VM is accessible and viewable  to the systems.
  2. Update the new witness IP on the link for one of the systems (this will update both systems).
  3. Take down the old witness VM if it is no longer needed.

Was this article helpful?
1 out of 1 found this helpful

1 out of 1 found this helpful

Last edited: 2021-04-06 16:43:27 UTC