Metro Availability Witness Option

  • 21 September 2020
  • 0 replies

Userlevel 3
Badge +2

You have the option of adding a Witness to a Metro Availability configuration (see Data Protection Guidelines (Metro Availability)). A "Witness" is a special VM that monitors the Metro Availability configuration health. The Witness resides in a separate failure domain to provide an outside view that can distinguish a site failure from a network interruption between the Metro Availability sites. The goal of the Witness is to automate failovers in case of site failures or inter-site network failures. The main functions of a Witness include:

  • Making a failover decision in the event of a site or inter-site network failure.

  • Avoiding a split brain condition where the same storage container is active on both sites due to (for example) a WAN failure.

  • Handling situations where a single storage or network domain fails.

Metro Availability Failure Process (no Witness)

In the event of either a primary site failure (the site where the Metro storage container is currently active) or the link between the sites going offline, the Nutanix administrator is required to manually disable Metro Availability and promote the target storage container on the remote (or current) site to Active.

In case of a communication failure with the secondary site (either due to the site going down or the network link between the sites going down), Metro Availability does one of the following depending on the setting (automatic or manual):

  • Automatic: The system automatically disables Metro Availability on the storage container on the primary site after a short pause if the secondary site connection does not recover within the specified time.

  • Manual: The system waits for the administrator to manually take action.



Metro Availability Failure Process (with a Witness)

When a Witness is added, the process of disabling Metro Availability and promoting the storage container in case of a site outage or a network failure is fully automated. The Witness functionality is only used in case of a failure, meaning a Witness failure itself does not affect VMs running on either site.



Metro Availability Operational Modes

After adding a Witness, you can select from three Metro Availability operational modes: Witness Mode (new), Automatic Resume Mode, or Manual Mode. The Metro Availability response to a failure scenario varies depending on which operational mode is selected. The following table details the failure scenarios and the response behavior based on the operational mode.


Witness Requirements

There are several requirements when setting up a Witness:

  • The Witness VM requires (at a minimum) the following:

    • 2 vCPUs

    • 6 GB memory

    • 25 GB storage

  • The Witness VM must reside in a separate failure domain, which means independent power and network connections from each of the Metro Availability sites. It is recommended that the Witness VM be located in a third physical site. This site should have dedicated network connections to Site 1 and Site 2 to avoid a single point of failure.

  • Communication with the Metro Witness happens over port TCP 9440 and, therefore, requires that this port be open for the Controller VMs on any Metro cluster that uses the Witness.

  • Network latency betweens each Metro Availability site and the Witness VM must be less than 200 ms.

  • The Witness VM may reside on any supported hypervisor, and it can run on either Nutanix or non-Nutanix hardware.

  • You can register multiple (different) Metro cluster pairs to a single Witness VM. One Witness VM can support up to 50 Witnessed Metro protection domains distributed among its registered Metro cluster pairs.


For more information, please follow the following documentation:


Metro Availability Witness Option

Upgrading A Witness VM

This topic has been closed for comments