Installing the Windows Witness

Prerequisites

To install witness services on Windows be sure to have the following:

  • System with Windows Installed (virtual or physical)

  • Minimum system requirements:

    • Operating System: Windows 11 x64 or Server 2019 or newer

    • CPU: 1.4 GHz with 2 cores

    • Memory: 4 GB

    • Disk space: 64 GB

  • The witness system must be on the same network as the BrickStor SP cluster.

  • Windows Administrator level access.

The witness cannot be a member of another cluster and it cannot be one of the cluster nodes itself.
If the witness is a virtual machine, it cannot be backed by the same HA cluster storage. This will impact auto-failover functionality.

Installing Witness Services

The witness consists of 2 services: confd and hiavd. confd is a BrickStor SP configuration database service that adds resiliency to the cluster. The confd service does not participate in HA failover events. hiavd is the witness service which facilitates HA failover events; the failover will fail if hiavd is unavailable.

Download witness installation zip

The witness package consists of multiple files delivered in a ZIP file, which is available for download from a BrickStor SP cluster node IP using a web browser. To download the witness package file, follow the steps below:

  1. Using a web browser, enter the IP of one of the HA nodes (https://XXX.XXX.XXX.XXX).

  2. Click the user icon in the top right corner of the page.

  3. Select Downloads.

  4. Under the HA Witness section click the Windows link.

Install confd service

  1. Open a terminal in the Administrator mode.

  2. Change directory to the extracted witness installation files.

    cd C:\Users\USER NAME\Downloads\ha-witness-win-23.7.X\

  3. Install the confd service by executing the confd.exe.

    .\confd.exe

  4. Choose option 1 to install.

  5. Enter 0 for the instance ID.

  6. Accept the prompts.

  7. Configure the witness service to auto-restart on failure.

    sc failure "confd00" actions= restart/10000/restart/30000/restart/60000 reset= 120

  8. Move confadm utility to C:\Program Files\RackTop\Brickstor\confd\00 directory, which was created during the confd service installation.

    move .\confadm.exe "C:\Program Files\RackTop\Brickstor\confd\00"

Install hiavd service

  1. Open a terminal in the Administrator mode.

  2. Create the C:\Program Files\Racktop\BrickStor\hiavd\00 directory.

    md "C:\Program Files\Racktop\BrickStor\hiavd\00"

  3. Change directory to extracted witness installation files.

    cd C:\Users\USER NAME\Downloads\ha-witness-win-23.X\ha-witness-23.X

  4. Move the hiavd.exe file to the C:\Program Files\Racktop\BrickStor\hiavd\00 directory.

    move .\hiavd.exe "C:\Program Files\Racktop\BrickStor\hiavd\00"

  5. Register hiavd.exe as Windows service by executing hiavd.exe -install. See example below:

    cd "C:\Program Files\Racktop\BrickStor\hiavd\00"
.\hiavd.exe -install
24-07-02T13:51:04.357730 INF Successfully installed service 'RackTop High Availability'.

  6. Configure the witness service to auto-restart on failure.

    sc failure "hiavd" actions= restart/10000/restart/30000/restart/60000 reset= 120

  7. Start the witness service.

    sc.exe start hiavd

Configure Windows Firewall

The Witness service communicates via TCP (Transmission Control Protocol) using port 4746 as well as ICMP (Internet Control Message Protocol) with the BrickStor SP cluster nodes. Configure Windows Firewall to allow the necessary services by following the steps below:

  1. Open Windows Control Panel by searching Control Panel in the start menu.

  2. Click System and Security link.

    windows system and security

  3. Click Windows Defender Firewall link.

    windows defender firewall

  4. Click the Advanced Setting button to open a Windows Firewall Configuration window.

    firewall advanced settings

  5. Open the Properties wizard for the File and Printer Sharing (Echo Request ICMPv4-In) Inbound rule.

    firewall inbound rule properties

  6. Verify that Action is set to Allow the connection in the General tab. firewall allow the connection

  7. Verify that Remote IP Address is set to Any IP Address in the the Scope tab.

    firewall scope configuration

  8. Click OK.

  9. Back in the Advanced Settings window, select New Rule from the Action menu to create a new inbound firewall rule.

    firewall new rule

  10. Select the Port option to create a port rule.

  11. Click Next.

  12. Use the TCP option for Protocol and Port.

  13. Enter 4746 into the field for Specific local ports.

  14. Click Next.

  15. Select Allow the connection in Action.

  16. Click Next.

  17. Select all available profiles, or choose ones that apply to your environment for Profile.

  18. Click Next.

  19. Enter a meaningful name such as RackTop BrickStor HA Witness TCP 4746.

  20. Click Finish.

Configure Antivirus

The witness service is a critical component that facilitates BrickStor HA failovers. To avoid interrupting HA functionality during failover events, Racktop advises excluding the witness service hiavd.exe and related files from the virus scans.