Prerequisites, Restrictions, and Recommendations for Always On availability groups

This article describes considerations for deploying Always On availability groups, including prerequisites, restrictions, and recommendations for host computers, Windows Server failover clusters (WSFC), server instances, and availability groups. For each of these components security considerations and required permissions, if any, are indicated.

 Important

Before you deploy Always On availability groups, we strongly recommend that you read every section of this topic.

.Net Hotfixes that Support Availability Groups

Depending on the SQL Server 2017 components and features you will use with Always On availability groups, you may need to install additional .Net hotfixes identified in the following table. The hotfixes can be installed in any order.

	Dependent Feature	Hotfix	Link
	Reporting Services	Hotfix for .Net 3.5 SP1 adds support to SQL Client for Always On features of Read-intent, readonly, and multisubnetfailover. The hotfix needs to be installed on each Reporting Services report server.	KB 2654347: Hotfix for .Net 3.5 SP1 to add support for Always On features

Checklist: Requirements (Windows System)

To support the Always On availability groups feature, ensure that every computer that is to participate in one or more availability groups meets the following fundamental requirements:

	Requirement	Link
	Ensure that the system is not a domain controller.	Availability groups are not supported on domain controllers.
	Ensure that each computer is running Windows Server 2012 or later versions.	Hardware and Software Requirements for Installing SQL Server 2016
	Ensure that each computer is a node in a WSFC.	Windows Server Failover Clustering (WSFC) with SQL Server
	Ensure that the WSFC contains sufficient nodes to support your availability group configurations.	A cluster node can host one replica for an availability group. The same node cannot host two replicas from the same availability group. The cluster node can participate in multiple availability groups, with one replica from each group. Ask your database administrators how many cluster nodes are required for to support the availability replicas of the planned availability groups. Overview of Always On Availability Groups (SQL Server).

 Important

Also ensure that your environment is correctly configured for connecting to an availability group. For more information, see Always On Client Connectivity (SQL Server).

Recommendations for Computers That Host Availability Replicas (Windows System)

• Comparable systems: For a given availability group, all the availability replicas should run on comparable systems that can handle identical workloads.
• Dedicated network adapters: For best performance, use a dedicated network adapter (network interface card) for Always On availability groups.
• Sufficient disk space: Every computer on which a server instance hosts an availability replica must possess sufficient disk space for all the databases in the availability group. Keep in mind that as primary databases grow, their corresponding secondary databases grow the same amount.

Permissions (Windows System)

To administer a WSFC, the user must be a system administrator on every cluster node.

For more information about the account for administering the cluster, see Appendix A: Failover Cluster Requirements.

Related Tasks (Windows System)

Task	Link
Set the HostRecordTTL value.	Change the HostRecordTTL (Using Windows PowerShell)

Change the HostRecordTTL (Using Windows PowerShell)

1. Open PowerShell window via Run as Administrator.
2. Import the FailoverClusters module.
3. Use the Get-ClusterResource cmdlet to find the Network Name resource, then use Set-ClusterParameter cmdlet to set the HostRecordTTL value, as follows:
   Get-ClusterResource "<NetworkResourceName>" | Set-ClusterParameter HostRecordTTL <TimeInSeconds>
   The following PowerShell example sets the HostRecordTTL to 300 seconds for a Network Name resource named SQL Network Name (SQL35).

   Import-Module FailoverClusters  
   
   $nameResource = "SQL Network Name (SQL35)"  
   Get-ClusterResource $nameResource | Set-ClusterParameter ClusterParameter HostRecordTTL 300  
   

    Tip

   Every time you open a new PowerShell window, you need to import the FailoverClusters module.

Related Content (PowerShell)

• Clustering and High-Availability (Failover Clustering and Network Load Balancing Team Blog)
• Getting Started with Windows PowerShell on a Failover Cluster
• Cluster resource commands and equivalent Windows PowerShell cmdlets

Related Content (Windows System)

• Configure DNS settings in a Multi-Site Failover Cluster
• DNS Registration with Network Name Resource

SQL Server Instance Prerequisites and Restrictions

Each availability group requires a set of failover partners, known as availability replicas, which are hosted by instances of SQL Server. A given server instance can be a stand-alone instance or a SQL Serverfailover cluster instance (FCI).

In This Section:

• Checklist: Prerequisites
• Thread Usage by Availability Groups
• Permissions
• Related Tasks
• Related Content

Checklist: Prerequisites (Server Instance)

	Prerequisite	Links
	The host computer must be a WSFC node. The instances of SQL Server that host availability replicas for a given availability group reside on separate nodes of the cluster. An availability group can temporarily straddle two clusters while being migrated to different cluster. SQL Server 2016 introduces distributed availability groups. In a distributed availability group two availability groups reside on different clusters.	Windows Server Failover Clustering (WSFC) with SQL Server Failover Clustering and Always On Availability Groups (SQL Server) Distributed Availability Groups (Always On Availability Groups)
	If you want an availability group to work with Kerberos: All server instances that host an availability replica for the availability group must use the same SQL Server service account. The domain administrator needs to manually register a Service Principal Name (SPN) with Active Directory on the SQL Server service account for the virtual network name (VNN) of the availability group listener. If the SPN is registered on an account other than the SQL Server service account, authentication will fail. ** Important ** If you change the SQL Server service account, the domain administrator will need to manually re-register the SPN.	Register a Service Principal Name for Kerberos Connections Brief explanation: Kerberos and SPNs enforce mutual authentication. The SPN maps to the Windows account that starts the SQL Server services. If the SPN is not registered correctly or if it fails, the Windows security layer cannot determine the account associated with the SPN, and Kerberos authentication cannot be used. Note: NTLM does not have this requirement.
	If you plan to use a SQL Server failover cluster instance (FCI) to host an availability replica, ensure that you understand the FCI restrictions and that the FCI requirements are met.	Prerequisites and Requirements on Using a SQL Server Failover Cluster Instance (FCI) to Host an Availability Replica (later in this article)
	Each server instance must be running the same version of SQL Server to participate in an Always On Availability Group.	Editions and supported features for SQL 2014, SQL 2016, SQL 2017.
	All the server instances that host availability replicas for an availability group must use the same SQL Server collation.	Set or Change the Server Collation
	Enable the Always On availability groups feature on each server instance that will host an availability replica for any availability group. On a given computer, you can enable as many server instances for Always On availability groups as your SQL Server installation supports.	Enable and Disable Always On Availability Groups (SQL Server) ** Important ** If you destroy and re-create a WSFC, you must disable and re-enable the Always On availability groups feature on each server instance that was enabled for Always On availability groups on the original cluster.
	Each server instance requires a database mirroring endpoint. Note that this endpoint is shared by all the availability replicas and database mirroring partners and witnesses on the server instance. If a server instance that you select to host an availability replica is running under a domain user account and does not yet have a database mirroring endpoint, the New Availability Group Wizard (or Add Replica to Availability Group Wizard) can create the endpoint and grant CONNECT permission to the server instance service account. However, if the SQL Server service is running as a built-in account, such as Local System, Local Service, or Network Service, or a nondomain account, you must use certificates for endpoint authentication, and the wizard will be unable to create a database mirroring endpoint on the server instance. In this case, we recommend that you create the database mirroring endpoints manually before you launch the wizard. ** Security Note ** Transport security for Always On availability groups is the same as for database mirroring.	The Database Mirroring Endpoint (SQL Server) Transport Security for Database Mirroring and Always On Availability Groups (SQL Server)
	If any databases that use FILESTREAM will be added to an availability group, ensure that FILESTREAM is enabled on every server instance that will host an availability replica for the availability group.	Enable and Configure FILESTREAM
	If any contained databases will be added to an availability group, ensure that the contained database authentication server option is set to 1 on every server instance that will host an availability replica for the availability group.	contained database authentication Server Configuration Option Server Configuration Options (SQL Server)

Thread Usage by Availability Groups

Always On availability groups has the following requirements for worker threads:

• On an idle instance of SQL Server, Always On availability groups uses 0 threads.
• The maximum number of threads used by availability groups is the configured setting for the maximum number of server threads ('max worker threads') minus 40.
• The availability replicas hosted on a given server instance share a single thread pool.
  Threads are shared on an on-demand basis, as follows:
  • Typically, there are 3-10 shared threads, but this number can increase depending on the primary replica workload.
  • If a given thread is idle for a while, it is released back into the general SQL Server thread pool. Normally, an inactive thread is released after ~15 seconds of inactivity. However, depending on the last activity, an idle thread might be retained longer.
  • A SQL Server instance uses up to 100 threads for parallel redo for secondary replicas. Each database uses up to one-half of the total number of CPU cores, but not more than 16 threads per database. If the total number of required threads for a single instance exceeds 100, SQL Server uses a single redo thread for every remaining database. Serial Redo threads are released after ~15 seconds of inactivity.
   Note

  Databases are chosen to go single-threaded based on their ascending database ID. As such, the database creation order should be considered for SQL Server instances that host more availability group databases than available worker threads. For example, on a system with 32 or more CPU cores, the first six databases (ordered by database ID) in an availability group or groups will use parallel redo mode, and all subsequent databases will use single redo mode.
• In addition, availability groups use unshared threads, as follows:
  • Each primary replica uses 1 Log Capture thread for each primary database. In addition, it uses 1 Log Send thread for each secondary database. Log send threads are released after ~15 seconds of inactivity.
  • A backup on a secondary replica holds a thread on the primary replica for the duration of the backup operation.

For more information, see Always On - HADRON Learning Series: Worker Pool Usage for HADRON Enabled Databases (a CSS SQL Server Engineers Blog).

Permissions (Server Instance)

Task	Required Permissions
Creating the database mirroring endpoint	Requires CREATE ENDPOINT permission, or membership in the sysadmin fixed server role. Also requires CONTROL ON ENDPOINT permission. For more information, see GRANT Endpoint Permissions (Transact-SQL).
Enabling Always On availability groups	Requires membership in the Administrator group on the local computer and full control on the WSFC.

Related Tasks (Server Instance)

Task	Article
Determining whether database mirroring endpoint exists	sys.database_mirroring_endpoints (Transact-SQL)
Creating the database mirroring endpoint (if it does not yet exist)	Create a Database Mirroring Endpoint for Windows Authentication (Transact-SQL) Use Certificates for a Database Mirroring Endpoint (Transact-SQL) Create a Database Mirroring Endpoint for Always On Availability Groups (SQL Server PowerShell)
Enabling Availability Groups	Enable and Disable Always On Availability Groups (SQL Server)

Related Content (Server Instance)

• Always On - HADRON Learning Series: Worker Pool Usage for HADRON Enabled Databases

Network Connectivity Recommendations

We strongly recommend that you use the same network links for communications between WSFC nodes and communications between availability replicas. Using separate network links can cause unexpected behaviors if some of links fail (even intermittently).

For example, for an availability group to support automatic failover, the secondary replica that is the automatic-failover partner must be in the SYNCHRONIZED state. If the network link to this secondary replica fails (even intermittently), the replica enters the UNSYNCHRONIZED state and cannot begin to resynchronize until the link is restored. If the WSFC requests an automatic failover while the secondary replica is unsynchronized, automatic failover will not occur.

Client Connectivity Support

For information about Always On availability groups support for client connectivity, see Always On Client Connectivity (SQL Server).

Prerequisites and Restrictions for Using a SQL Server Failover Cluster Instance (FCI) to Host an Availability Replica

In This Section:

• Restrictions
• Checklist: Prerequisites
• Related Tasks
• Related Content

Restrictions (FCIs)

 Note

Failover Cluster Instances supports Clustered Shared Volumes (CSV). For more information on CSV, see Understanding Cluster Shared Volumes in a Failover Cluster.

• The cluster nodes of an FCI can host only one replica for a given availability group: If you add an availability replica on an FCI, the WSFC nodes that are possible FCI owners cannot host another replica for the same availability group. To avoid possible conflicts, it is recommended to configure possible owners for the failover cluster instance. This will prevent potentially causing a single WSFC from attempting to host two availability replicas for the same availability group.
  Furthermore, every other replica must be hosted by an instance of SQL Server 2016 that resides on a different cluster node in the same Windows Server failover cluster. The only exception is that while being migrated to another cluster, an availability group can temporarily straddle two clusters.

 Warning

Using the Failover Cluster Manager to move a failover cluster instance hosting an availability group to a node that is already hosting a replica of the same availability group may result in the loss of the availability group replica, preventing it from being brought online on the target node. A single node of a failover cluster cannot host more than one replica for the same availability group. For more information on how this occurs, and how to recover, see the blog Replica unexpectedly dropped in availability group.

• FCIs do not support automatic failover by availability groups: FCIs do not support automatic failover by availability groups, so any availability replica that is hosted by an FCI can be configured for manual failover only.
• Changing FCI network name: If you need to change the network name of an FCI that hosts an availability replica, you will need to remove the replica from its availability group and then add the replica back into the availability group. You cannot remove the primary replica, so if you are renaming an FCI that is hosting the primary replica, you should fail over to a secondary replica and then remove the former primary replica and add it back. Note that renaming an FCI might alter the URL of its database mirroring endpoint. When you add the replica ensure that you specify the current endpoint URL.

Checklist: Prerequisites (FCIs)

	Prerequisite	Link
	Ensure that each SQL Server failover cluster instance (FCI) possesses the required shared storage as per standard SQL Server failover cluster instance installation.

Related Tasks (FCIs)

Task	Article
Installing a SQL Server Failover Cluster	Create a New SQL Server Failover Cluster (Setup)
In-place upgrade of your existing SQL Server Failover Cluster	Upgrade a SQL Server Failover Cluster Instance (Setup)
Maintaining your existing SQL Server Failover Cluster	Add or Remove Nodes in a SQL Server Failover Cluster (Setup)