The witness is an arbitrator entity residing in a 3rd site (separate from the two InfiniBox systems involved in Active-Active replication), that acts as quorum in case of failure. It is a lightweight stateless software deployed as a VM.
When a replication failure occurs, the decision which system remains active is based on the witness' connectivity to the systems and each replica properties. As long as both systems can communicate with the witness, it will make the take-over decisions.
For more information about the witness role in Active-Active replication, see Active-Active replication.
This guide will go through the deployment and setup of the witness VM.
Infinidat strongly recommends that you use a witness system when you deploy Active-Active replication.
Should you want to use Active-Active replication without a witness, enter the witness address as 0.0.0.0. Be advised that if you choose this method, if the preferred system goes offline, the replicated volumes will also go offline.
Downloading the witness VM
Download the witness latest OVA package from https://repo.infinidat.com/home/main-stable.
The witness OVA package is about 700MB.
The witness should be installed on a 3rd site, acting as a separate failure domain from the InfiniBox systems it monitors
The witness has the following virtual HW requirements
- 2 virtual CPU cores
- 4GB RAM
- 50GB virtual disk
Access to the witness console is authenticated
- The default user name is
adminand the default password is
- It is recommended to modify the password after installing the witness
The witness requires a single IP address, which can be configured via DHCP (default) or manually.
The InfiniBox systems communicate with the witness IP address on TCP port 443. Occasionally, when troubleshooting issues, Infinidat support may need access from the InfiniBox system to the witness via SSH, i.e. on TCP port 22.
VMware vSphere Requirements
The witness must be installed on vSphere version 5.1 or newer
In order to improve the witness resilience
- It is highly recommended that the vSphere host network connection will be redundant
- It is recommended that the vSphere host will be in a vSphere H/A Cluster
- The witness VM datastore cannot reside on any of the InfiniBox systems it is monitoring
- The witness VM cannot be replicated or restored from a snapshot
Deploying a witness VM
Deploying a witness VM on VMware vSphere
Launch VMware vSphere Client, and select “Deploy OVF Template...”
Choose the downloaded OVA:
Follow the deployment wizard to specify the witness VM name, folder location, vSphere host or cluster
When the VM details appear, acknowledge the extra configuration:
Continue to choose storage for the VM and a network.
When choosing the storage location, do not choose a storage hosted on any InfiniBox system this witness will be protecting.
Configuring the witness
Configuring the witness network
Once the VM import is complete, power on the VM and open the console to configure the network settings.
To login to the witness CLI for the first time, use the user
admin with the initial password
admin. The witness requires you change the password immediately:
adminpassword at the
(current) UNIX password prompt, and then enter the new password.
Once you logged-in to the witness, setup is very simple. The commands available:
|change_hostname||Change the witness hostname|
|network_setup||Set up a static IP or DHCP|
|network_info||Show the static IP or the DHCP info|
|passwd||Change the witness |
|version||Show the current witness version, -d will give additional version info|
At any point you can use the
help command to see the available options:
network_setup command to setup the network configuration of the witness:
After setting up the witness network it can be connected to the InfiniBox systems replication link.
See InfiniBox Best Practices Guide for setting up the Replication service for more information regarding network setup.
Upgrading the witness
We recommend using the latest witness that is at the same major release as the InfiniBox systems.
If the InfiniBox systems have different major releases, e.g. 5.x and 6.x, use the witness with the latter of the two, i.e. 6.x
Upgrading the witness requires installing the new witness on a new VM and taking down the old witness if it is no longer needed.
There are 2 options for defining a new witness:
Keep existing witness IP
- Take down the old witness VM. Replication will continue in a "Preferred only" mode
- Install of the new witness on a new VM with the old IP, make sure that the new VM is accessible to the systems.
- The systems will automatically detect that a witness is now available and return to "witness" mode
Use a new witness IP
- Install of the new witness on a new VM with new IP, make sure that the new VM is accessible to the systems.
- Update the new witness IP on the link on one of the systems (this will update both systems)
- Take down the old witness VM if it is no longer needed by other setups.