Virtual Disk Witness

In this topic:

  • About Witness
  • Witness configuration
  • Witness options
  • Setting the default witness option for the server group
  • Witness support in the DataCore Cmdlets

About Witness

The Virtual Disk Witness feature provides an additional layer of fault tolerance in the event that virtual disks lose all mirror access between storage sources through mirror and management communication paths.

When a virtual disk loses all mirror paths, management communication paths are used to inform the software which storage source is up-to-date so that host access to the storage source that is not up-to-date can be denied. When the management communication paths have also failed, this message cannot be conveyed to other servers in the group, and host access could continue to the storage source that is not up-to-date, leading to a possible mismatch among the copies of data. The Witness feature provides an additional safeguard in this case. When the previously described failure event occurs and a witness is configured, the software issues a request asynchronously to all servers in the server group to attempt to contact the specified witness. Servers that are unable to contact the witness will deny host access to the virtual disk on that server. This determines which, if any, servers are allowed to serve hosts when mirror and management communication paths become unavailable.

The administrator can configure a default witness for the server group or can assign a witness for specific virtual disks. Multiple witnesses can be added to the configuration and then configured for use with specified virtual disks and for different purposes. The default witness for the server group, of which there can only be one, is applied to all multi-copy virtual disks (mirrored and 3-copy virtual disks) that are not individually configured to use a specific witness.

The Witness feature is particularly useful in clustered environments or when mirrored virtual disks exist in different site locations and inter-site communication fails. The witness can be designated on either site depending on administrator preference.

Witness Configuration

A witness can be any network device that can be accessed by all servers in the server group and can respond to pings.

A witness must be configured with a static IP address (no DNS resolution). The device should be highly available with a high MTBF (mean time between failures). Once set, the witness can be changed as required.

For virtual disks with server storage sources in different physical locations, the witness should be local to one of the server locations. When there is an outage, ensure that only one server will have network access to the witness. This can be used to establish the preferred side in the event of failure.

  • DataCore Servers are not recommended as witnesses due to ongoing software updates and possible maintenance procedures that will require downtime and operating system restarts.
  • The witness cannot be modified if one of the servers in the group is offline. A default witness for the server group cannot be deleted when it is used explicitly as a witness for virtual disks. A witness cannot be removed if it is currently in use.
  • The timeout for a witness is three seconds. This value cannot be changed.

Witness Options

Witness options are used to control storage server behavior when an unsuccessful witness request is made. These options can be set for both the server group and specified virtual disks.

Possible witness options:

  • Static IP Address - A witness can be configured using a static IP address. In this case, host access to DataCore Servers is automatically selected based on witness contact responses. Servers that are unable to contact the witness will deny access to hosts.
  • I/O Fenced - A special setting that disables host access to both active storage sources in affected virtual disks.
    • It is also a way to intentionally disable all host access to the virtual disks in the event that one of the servers restarts unexpectedly, commonly referred to as a "crash".
  • Disabled (or No Witness) - No witness is configured. This is the default setting.
    • As a default server group setting, the result of the witness query is disregarded and host access is not disabled in any way. Data access continues to be allowed through enabled front-end paths. To recover mirror synchronization, the administrator will have to determine which server has the best data, then split and remirror the virtual disks as appropriate. Full recoveries are required to synchronize data on the new mirrors.
    • As a virtual disk setting, this option sets the behavior to Default, which will use whatever is configured for the server group default witness.
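The witness decision described above can be modeled in a few lines. This is an added example, not DataCore code: the server names, the 192.0.2.10 address and every function name are assumptions made for illustration. It shows why the witness should be reachable from only one site during an outage, and how each option resolves.

```python
import ipaddress
from dataclasses import dataclass

# Labels for the three witness options on this page (the names are this example's own).
STATIC_IP, IO_FENCED, DISABLED = "static-ip", "io-fenced", "disabled"

@dataclass(frozen=True)
class Witness:
    option: str
    address: str = ""

    def __post_init__(self):
        # A witness needs a static IP literal; a DNS name raises ValueError here.
        if self.option == STATIC_IP:
            ipaddress.ip_address(self.address)

def effective(disk_setting, group_default):
    """A virtual disk with no witness of its own (None) uses the server group default."""
    return group_default if disk_setting is None else disk_setting

def arbitrate(witness, reached):
    """Host access per server once mirror AND management paths are both lost.

    reached maps server name -> True if that server's witness request
    succeeded within the timeout.
    """
    if witness.option == DISABLED:
        return {s: True for s in reached}   # query result disregarded, nothing denied
    if witness.option == IO_FENCED:
        return {s: False for s in reached}  # host access disabled on both sources
    return dict(reached)                    # static IP: serve only if the witness answered

def divergence_risk(access):
    """More than one isolated server still accepting host I/O lets the copies drift apart."""
    return sum(access.values()) > 1

# Constructed scenario: SiteA-DCS and SiteB-DCS lose every path between them.
GROUP_DEFAULT = Witness(STATIC_IP, "192.0.2.10")        # device local to site A
LOCAL_TO_A = {"SiteA-DCS": True, "SiteB-DCS": False}    # only site A still reaches it
THIRD_NETWORK = {"SiteA-DCS": True, "SiteB-DCS": True}  # both sites still reach it

if __name__ == "__main__":
    w = effective(None, GROUP_DEFAULT)
    for label, reached in (("witness local to site A", LOCAL_TO_A),
                           ("witness reachable by both", THIRD_NETWORK)):
        access = arbitrate(w, reached)
        print(label, access, "divergence risk:", divergence_risk(access))
    print("I/O Fenced", arbitrate(Witness(IO_FENCED), LOCAL_TO_A))
```

A witness that both servers can still reach during the outage leaves both serving hosts, which is the same outcome as having no witness at all.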

Setting the Default Witness Option for the Server Group

  1. In the Task Details page > Settings tab, expand Advanced Settings.
  2. In the Virtual Disk Witness section, select the required option.

    The Static IP Address option must include the IP address. Click the Test Address button to send a contact request from all servers to the witness IP address. The message "Successfully contacted the witness from all servers." appears under the button on the form if the witness contact response was successful from all servers in the group.

  3. Click Apply.

To set a witness for a specific virtual disk, cmdlets must be used. Refer to the following section for more information.

Witness Support in the DataCore Cmdlets

  • Add-DcsWitness - Adds a witness as an object in the server group configuration. This cmdlet is used when adding a witness that will be configured for a specific virtual disk. After the witness is added, set the witness properties for the virtual disk using Set-DcsVirtualDiskWitnessProperties.
  • Set-DcsServerGroupDefaultWitnessProperties - Sets the default witness properties for the server group. The default server group setting is applied to all virtual disks that are not individually configured to use a specific witness with the cmdlet Set-DcsVirtualDiskWitnessProperties.
    • The witness is configured by providing an IP address for that witness. If the witness already exists, the new IP address is applied to the existing witness. If a witness does not exist, the witness is automatically created using the provided IP address and assigned a default name.
    • If there is an existing witness and the setting is changed to either the -IOFenced or -NoWitness option, the witness is no longer needed and is automatically deleted from the configuration.
  • Set-DcsVirtualDiskWitnessProperties - Sets the witness properties for a specified virtual disk. Setting a witness or the -IOFenced option overrides any default server group witness setting for the virtual disk. The -NoWitness option sets the behavior back to Default, which uses whatever is configured for the server group default witness.
    • The witness is configured by providing an IP address for that witness. If the witness does not already exist in the configuration, it should be added using the cmdlet Add-DcsWitness prior to setting the witness properties for the virtual disk.
    • If there is an existing witness for a virtual disk, it can be set as either the -IOFenced or -NoWitness option. In either of these cases, if the witness is no longer needed it can be removed using Remove-DcsWitness.
  • Set-DcsWitnessProperties - Changes the name and/or IP address for a specified witness.
  • Invoke-DcsWitnessContact - Tests witness connectivity by issuing a request asynchronously to all servers in the local server group to attempt to contact the specified witness, and returns the results.
  • Get-DcsWitness - Returns all witnesses configured in the server group configuration.
    • Use Get-DcsServerGroup to display current values for DefaultWitness (Witness ID), and DefaultWitnessOption in the returned object.
  • Remove-DcsWitness - Removes the specified witness from the server group.