Follow


Overview

The witness is an arbitrator entity that acts as quorum in case of failure. It resides in a third site, separate from the two InfiniBox systems involved in Active-Active replication. It is a lightweight, stateless software deployed as a virtual machine (VM). 

When a replication failure occurs, the witness determines which system remains active based on:

  • the witness' connectivity to the systems
  • the properties of each replica 

If both systems can communicate with the witness, the witness decides which takes over.

A witness VM can serve up to 25 InfiniBox systems.


For more information about the witness role in Active-Active replication, see Active-Active replication

This guide explains the deployment and setup of the witness VM.

Infinidat strongly recommends that you use a witness system when you deploy Active-Active replication.

To use Active-Active replication without a witness, enter the witness address as 0.0.0.0. Be advised that if you choose this method and the preferred system goes offline, the replicated volumes will also go offline.

Downloading the witness VM

Download the witness latest OVA package for VMware vSphere from https://repo.infinidat.com/home/main-stable.

Contact Infinidat support if you want to download a package for Hyper-V.

The witness package size is about 800MB.

Requirements

General requirements

Install the witness on a third site that acts as a separate failure domain from the InfiniBox systems it monitors.

Virtual HW requirements for the witness:

  • 2 virtual CPU cores
  • 4GB RAM
  • 50GB virtual disk (with 10ms max latency for small writes)

Access to the witness console requires authentication.

  • The default user name is admin and the default password is admin 
  • It is recommended to modify the password after installing the witness

Network requirements

The witness requires a single IP address. This can be configured via DHCP (default) or manually.

The InfiniBox systems communicate with the witness IP address over TCP port 443. Occasionally, when troubleshooting issues, Infinidat support may need access from the InfiniBox system to the witness via SSH (i.e. on TCP port 22) and ICMP. 

If a firewall exists, ensure that it allows access from the three InfiniBox node IP addresses to the witness IP address on these ports.

Hypervisor requirements

To improve the witness resilience:

  • It is highly recommended that the host network connection be redundant.
  • It is recommended that the hypervisor host be in a cluster (a vSphere H/A Cluster or a Hyper-V cluster).

Additional restrictions:

  • The witness VM datastore cannot reside on any of the InfiniBox systems it is monitoring.
  • The witness VM cannot be replicated or restored from a snapshot  .

Deploying a witness VM

Deploying a witness VM on VMware vSphere

  1. Launch VMware vSphere Client, and from the Actions menu, select Deploy OVF Template.
  2. Select the downloaded OVA template file.
      
  3. In the deployment wizard, specify the witness VM name, folder location, and the vSphere host or cluster.

    When selecting the storage location, do not select a storage hosted on any of the InfiniBox systems this witness will be protecting. 

  4. When the VM details appear, review the advanced configuration options.
  5. Select a VM storage location and a network.

Deploying a witness VM on Hyper-V

  1. Download the witness VHD file to the Hyper-V server, and move the downloaded image to your virtual hard disks folder.
  2. Launch Hyper-V Manager, and from the Actions menu, select New > Virtual Machine. The New Virtual Machine Wizard opens.
  3. In the Specify Name and Location page, enter a name for the witness virtual machine.
  4. In the Specify Generation page, select Generation 1.
  5. In the Assign Memory page, change the memory setup to 4096 MB.
  6. In the Configure Networking page, change the network connection to a virtual switch where the witness virtual machine can communicate with the InfiniBox systems.
  7. In the Connect Virtual Hard Disk page, change the virtual hard disk setting to Use and existing virtual hard disk, and browse to the location where you downloaded the VHD file.
  8. In the Completing the New Virtual Machine Wizard page, review the virtual machine summary, and click Finish.
  9. In the Hyper-V Manager, select the new witness VM, and from the Actions menu, select Settings.
  10. Select Processor from the left navigation menu, and change the Number of virtual processors to 2.
  11. Click OK.
  12. Click Start to power on the virtual machine.

Configuring the witness 

Configuring the witness network

  1. Once the VM import is complete, power on the VM and open the console to configure the network settings.
  2. To log in to the witness CLI for the first time, use the user admin with the initial password admin. The witness requires you change the password immediately.

    When prompted to change the password, enter the initial admin password at the (current) UNIX password prompt, and then enter the new password.
  3. Once you are logged in to the witness, use the commands to easily configuration the witness network.

The following commands are available:

CommandDescription
change_hostnameChange the witness hostname
network_setup Set up a static IP address or DHCP
network_info Show the static IP address or the DHCP info
passwd Change the witness admin password
version Show the current witness version; include -d for additional version information

You can use the help command at any point to see the available options.

Use the network_setup command to set up the network configuration of the witness.

After the witness network is set up, it can be connected to the InfiniBox systems' replication link.

See InfiniBox Best Practices Guide for Setting Up the Replication Service for more information regarding network setup.

Upgrading the witness 

 We recommend using the latest witness version.

If the InfiniBox systems have different major releases, use the latest version.

Upgrading procedure

To upgrade the witness, install the new witness on a new virtual machine (VM), and take down the old witness if it is no longer needed.

There are two options for defining a new witness:

Option 1: Keep the existing witness IP address

  1. Take down the old witness VM. Replication will continue in Preferred only mode.
  2. Install the new witness on a new VM with the existing IP address. Make sure that systems can access the new VM.

The systems will automatically detect that a witness is now available and return to "witness" mode.

Option 2: Use a new witness IP address

  1. Install the new witness on a new VM with a new IP address. Ensure that the new VM is accessible and viewable to the systems.
  2. Update the new witness IP address on the link for one of the systems. This will update both systems.
  3. Take down the old witness VM if it is no longer needed.




Was this article helpful?
1 out of 1 found this helpful

1 out of 1 found this helpful

Last edited: 2022-05-09 13:35:10 UTC

Comments