High Availability

You can do the following at Virtual Machine Manager > Virtual Machine:

• Enable, edit or disable High Availability on the virtual machine. If you have previously configured an active server for the virtual machine, this active server must be included as one of the High Availability servers when enabling or editing High Availability. If you enable High Availability on a virtual machine that is currently powered off, the status of its High Availability will be Paused.
• View the High Availability status of each virtual machine.
• Check the High Availability settings under the High Availability tab, such as the status of the active, passive and storage servers, as well as the details of unsuccessful switchover or failover.

Limitations

Please note the following limitations:

• High Availability will not include the storage of the virtual machine. If the storage (i.e., the volume on the storage server) is crashed or the storage server is offline, the virtual machine will be stopped.
• If more than half of the hosts are offline, all the services and operations in the cluster will be stopped, and the virtual machine will be shut down. We recommend you set up more than three hosts in the cluster for High Availability.
• If the virtual machine has enabled High Availability, the virtual machine can only be moved between the active and passive servers.
• High Availability settings will not be applied to newly cloned virtual machines. You will have to re-configure the settings.
• High Availability settings will not be applied to virtual machines imported from existing storage. You will have to re-configure the settings.

Host Role

The following hosts are required for running High Availability on the virtual machine:

• Active server: This is the host on which the virtual machine is currently running. The status of the active server will be continuously monitored, and the system will initiate a switchover or failover when needed to ensure the availability of the virtual machine.
• Passive server: The chosen passive server will reserve the resources required for running the virtual machine, and will take over the virtual machine when the active server malfunctions.
• Storage server: This is the host on which the virtual machine is stored.

High Availability Status

Below are possible types of High Availability status:

• Performing switchover: Issues occurred on the active server of the virtual machine, and the system is performing live migration of the virtual machine to the passive server.
• Performing failover: The virtual machine or its active server is inaccessible, and the system is moving the virtual machine to the passive server and will restart the virtual machine.
• Enabled: High Availability has been enabled, and resources for the virtual machine have been successfully reserved.
• Paused: High Availability has been paused because the virtual machine has been shut down. However, resources are reserved for quick recovery. You can power on the virtual machine to resume High Availability.
• Warning: The virtual machine is running. However, switchover or failover will not be performed because the system failed to reserve resources or the passive server is inaccessible. Please manually troubleshoot the issue according to the warning message given.
• Error: The system failed to perform switchover or failover. Please manually troubleshoot the issue according to the error message given.
• -: High Availability has been disabled.

Resource Reservation

In order to ensure successful failover or switchover when errors occur, the system will reserve CPU and memory resources on the active and passive servers when you enable or edit High Availability on the virtual machine. In addition, when the specifications of the virtual machine are modified, required resources will be changed and reserved accordingly. For example, if a host with 4 GB memory is the passive server of a virtual machine with 1 GB memory, the system will reserve 1 GB memory on this passive server to ensure the virtual machine can be successfully run in the event of a switchover/failover. However, if the memory on the host is insufficient, memory reservation may fail, and the system may fail to perform switchover or failover. Likewise, when the rest of the memory is reserved for the virtualization cluster, this passive server will not be able to run any other virtual machines.

Switchover

Switchover refers to an automatic switch from an abnormal yet still functioning active server to a healthy passive server in a virtualization cluster. After performing the switchover, the active server assumes the role of the passive server, and the passive server assumes the role of the active server. The system will initiate a switchover when the active server is under the following situations:

• The connected uninterruptible power supply (UPS) units is in battery mode.
• The 5 minute load average exceeds 50.0.
• Cooling fan malfunctions.
• One of the network interfaces on the virtual machine malfunctions due to uplink failure of the virtual switch, while the corresponding virtual switch on the passive server is functioning normally.

Failover

The system will initiate a failover when the active server is inaccessible or the virtual machine is offline. When performing failover, the virtual machine will be automatically restarted on the passive server, and thus the connections may be temporarily unstable. The system will initiate a failover in the following situations:

• The active server is shut down abnormally or is not responsive due to network connection errors.
• The active server is shut down or rebooted, and the system will automatically perform a failover to move the virtual machine to the passive server. If you want perform live migration without disrupting the availability and connection of the virtual machine, please go to Virtual Machine > Action > Migrate, or go to Cluster > Action > Evacuate the HA-enabled Virtual Machine. If you do not want to perform a switchover, please shut down the virtual machine or disable High Availability manually.
• The virtual machine is shut down abnormally.