In Exchange, you are probably familiar with creating DAG’s and assigning a DAG IP.

All DAG’s running Windows Server 2008 R2 or Windows Server 2012 require at least one IP address on every subnet included in the MAPI network. The IP address(es) assigned to the DAG are used by the DAG’s cluster. The name you assign to the DAG becomes the cluster network name (also known as the cluster administrative access point, or AAP), which enables name resolution and connectivity to the cluster using the cluster’s IP address (or more precisely, connectivity to the cluster member that currently owns the cluster core resource group) using the cluster name.

In Windows Server 2012 R2, you can now create a failover cluster without the Administrative Access Point (AAP). Here are some benefits to this:

  • There are no IP addresses assigned to the cluster, and therefore no IP Address resources in the cluster core resource group.
  • There is no name assigned to the cluster, and therefore no Network Name resources in the cluster core resource group.
  • Because there is no name or IP address assigned to the cluster, there is no DNS entry for the cluster, and the cluster is not resolvable on the network.
  • A cluster name object (CNO) is not used, and therefore not created in Active Directory.
  • The cluster cannot be managed using Failover Cluster Manager. It must be managed using Windows PowerShell, and the PowerShell cmdlets must be run against individual nodes.

When you create a DAG without AAP you reduce the complexity of your DAG and you also reduce the surface attack area.

The option “DatabaseAvailabilityGroupIpAddresses” is no longer required when you create a DAG.

By default, the failover cluster will be created without an administrative access point. This is the recommended best practice by Microsoft.

Hope it helps.

    wpChatIcon

    Discover more from COLLABORATION PRO

    Subscribe now to keep reading and get access to the full archive.

    Continue reading