Q: How can I create a failover cluster that spans my on-premises data center and Windows Azure IaaS?

A: Provided your on-premises network has been connected to a virtual network created in Windows Azure, where you're running virtual machines (VMs), you can create a cluster by using the usual procedures. However, I need to point out some caveats:

  • Use a file share witness.
  • Create a fake IP address for the Windows Azure side of the network. This is because in Windows Azure virtual networks, all IP addresses are assigned via DHCP and the cluster IP address given is actually the same IP address as one of the hosts in the cluster on the Azure side. You can send traffic into an Azure VM only via two IP addresses: (1) the IP address assigned by the Azure infrastructure to the VM, and (2) at most one VIP that is a load-balanced IP.
    Because the cluster will be used for a workload, for example SQL Server AlwaysOn, it's important that the SQL Server IP address can be contacted rather than the cluster IP, which is why the cluster on the Windows Azure side is given the fake, unusable address.
  • The cluster IP address for the on-premises side should be a valid IP address and could be static or dynamically assigned.

Realize that the IP address for the Windows Azure side is useless, and is there only to satisfy the need for an IP address, which enables the Cluster Name to come online. To manage the cluster from the Azure side in the event of a failover, you will need to be connected to the actual cluster node and launch Failover Cluster Manager.

After you've created the cluster per normal steps, perform the following:

  1. Open Failover Cluster Manager.
  2. Select the cluster, and in the details look at the Cluster Core Resources.
  3. Right-click the IP address for the Windows Azure network, and select Properties.
  4. Rename it to Azure Dummy 169.254.1.1 in the General tab.
  5. Select the Advanced Policies tab and ensure only the Windows Azure nodes are selected as Possible Owners (see screen shot), then click OK.
  6. We will now force this IP address to be address 169.254.1.1 and not perform any checks if it's in the actual network.
    This can be done by using cluster.exe if the Failover Cluster Command Interface has been installed from RSAT, Feature Administration Tools, Failover Clustering Tools:
    Cluster res “Azure Dummy 169.254.1.1” /priv enabledhcp=0 overrideaddressmatch=1 address=169.254.1.1 subnetmask=255.255.0.0

    Or use Windows PowerShell:
    Get-ClusterResource “Azure Dummy 169.254.1.1” | Set-ClusterParameter -Multiple @{"Address"="169.254.1.1";"SubnetMask"="255.255.0.0";"Network"="Cluster Network 1";"OverrideAddressMatch"=1;"EnableDHCP"=0}
  7. For the other IP address (the on-premises valid IP address), right-click and select Properties.
  8. Select the Advanced Policies tab and ensure only the on-premises cluster nodes are selected as possible owners, and click OK.
  9. The cluster should now be good to go!