Best Practices for Securing Intelligent Availability Between Windows and Linux
October 09, 2018

Don Boxley

Share this

One of the chief advantages of software that offers intelligent availability is the somewhat recent ability to move computing resources and workloads between operating systems for business continuity. Although Windows and Linux were historically viewed as competitors, modern IT advancements have ensured much needed network availability between these ecosystems for redundancy, fault tolerance, and competitive advantage.

Software that offers intelligent availability enables the dynamic transfer of data and its processing to the best execution environment (BEV) for any given purpose. That may be on-premises, in the cloud, in containers, in Windows, or in Linux. Historically, dynamically and securely transferring resources from Windows to Linux was not possible due to the fact that each operating system had respective methods and tools for availability which are not interoperable.

In the case of SQL Server, there are three chief distinctions that account for this inability to dynamically transfer data and processing between its native cluster resource manager (CRM), Windows Server Failover Clustering (WSFC), and a Linux based CRM:

Communication: Windows supports two-way communication between its CRM and SQL Server. Linux only supports one-way communication with SQL Server, initiated by its CRM.

Coupling: Partly because of the communication, there is tight coupling between SQL Server and Windows Server Failover Clustering. Changes in the former are propagated into the latter — and vice versa. The coupling is much looser in Linux; Pacemaker does not see changes made in SQL Server.

Windows Integration: One can configure availability groups with SQL Server using Windows authentication (such as domain accounts). Certificates are required to configure availability groups in Linux.

These distinctions are easily overcome with intelligent availability software, which enables expedited creation of HA for SQL Server instances, availability groups, and Docker containers in Linux and Windows — with just a few clicks.

Without intelligent availability software, there are a number of facets of firewall configurations, passwords, node authentication, and node certification organizations must tend to when transferring resources between these environments. Intelligent availability software simplifies these concerns for simplified accessibility to an array of secure settings to situate IT assets not only for business continuity, but also for competitive advantage.

Firewall Configuration

Software that delivers intelligent availability facilitates clusters across multiple Linux distributions — which is not possible using Linux's CRM.

Since software with intelligent availability supports mixing nodes across Windows and Linux distributions, its critical to configure firewalls to allow availability between these operating systems. Doing so involves adding an HA option on the latter's firewall to move resources when the firewall is enabled.

In part because this addition alters this firewall's rules, organizations must reload this additional HA service for the firewall on each of the Linux clusters nodes for availability. A best practice for transferring computational resources for HA is to have multiple nodes available in a cluster for doing so. In a number of cases administrators must manage these nodes individually.

Although adjusting the firewall simply requires a basic line of code, it must be input on each node in the Linux cluster to allow data into the network from SQL Server as an intelligent availability option.


Software that delivers intelligent availability also reduces the complexity of high availability between Windows and Linux settings via its passcode administration.

With standard HA methodologies, users need to install Linux's CRM, create accounts on each of the available servers, and assign passwords. With intelligent availability methods, organizations rapidly install its third-party resource manager and assign a passkey to the nodes, then join the nodes for holistic cluster management through a UI. The manager provides a consistent experience for each of the clusters nodes.

With traditional high availability measures between Red Hat Linux nodes, for example, users have to input the same password on each server for holistic cluster management through any of the nodes. Failing to do so can increase time and costs when switching resources between nodes. The UI of the intelligent availability method, however, alleviates this worry while empowering organizations with comprehensive management of each of the clusters nodes — without an unnecessary emphasis on passwords.


The authentication process is much less complicated with software that offers intelligent availability than it is using conventional HA methods.

Activating a three-node cluster of Red Hat, Ubuntu, and Windows Server with the former approach takes less than a minute. Easy drag-and-drop capabilities create the subsequent availability group in just seconds, much easier than creating one in Linux. Authenticating the various instances requires a simple click and input of a password.

Without intelligent availability software, users must enable Linux's CRM and resources like a cluster engine and Domain Name Systems for uniformity of experience of each node in the cluster. This process is more time-consuming and resource intensive, partly due to relying on domain names instead of host names.

Intelligent availability methods simply require users to create a Vhost — a virtual IP address and virtual host name — and select the nodes it can run on. Host names pose no complications in Windows; in Linux, they must be manually added to the host file. In this respect, the Vhost option provided by software with intelligent availability saves time, effort, and valuable enterprise resources for the authentication process.

Node Certification

Node certification is another required Linux authentication step that is unnecessary in Windows. Domain accounts can be used for authentication in Windows, whereas formal certificates are required in Linux. These are replicated and sent to each node in the cluster.

Software with intelligent availability can bypass this step while still delivering HA for Docker containers and instances. With a few clicks, users can create additional Vhosts to add instances or containers as desired. Meanwhile, they get the same secure environment without needing certificates.

Security and Intelligent Availability

The practices outlined above are certainly not an exhaustive list of all the procedures necessary for implementing intelligent availability between Windows and Linux clusters. Regardless, they detail some of the most critical steps for preserving the security and underlying integrity of the data — and their processing — transferred between these environments for this intelligent availability option.

Organizations need not sacrifice security to position resources between operating systems; using these best practices, they won't.

Don Boxley is CEO and Co-Founder of DH2i
Share this