Citrix Systems 6 Configuration Requirements

Block Devices (VBDs) and networks can affect which VMs may be restarted on which hosts. Currently it is not

possible for XenServer to check all actions before they occur and determine if they will cause violation of HA

demands. However an asynchronous notification is sent if HA becomes unsustainable.

If you attempt to start or resume a VM and that action causes the pool to be overcommitted, a warning alert is

raised. This warning is displayed in XenCenter and is also available as a message instance through the Xen API.

The message may also be sent to an email address if configured. You will then be allowed to cancel the operation,

or proceed anyway. Proceeding causes the pool to become overcommitted. The amount of memory used by VMs

of different priorities is displayed at the pool and host levels.

If a server failure occurs such as the loss of network connectivity or a problem with the control stack

is encountered, the XenServer host self-fences to ensure that the VMs are not running on two servers

simultaneously. When a fence action is taken, the server immediately and abruptly restarts, causing all VMs

running on it to be stopped. The other servers will detect that the VMs are no longer running and the VMs will

be restarted according to the restart priorities assign to them. The fenced server will enter a reboot sequence,

and when it has restarted it will try to re-join the resource pool.

Configuration Requirements

Note:

Citrix recommends that you enable HA only in pools that contain at least 3 XenServer hosts.

For details on how the HA feature behaves when the heartbeat is lost between two hosts in

a pool, see the Citrix Knowledge Base article CTX129721.

To use the HA feature, you need:

• Shared storage, including at least one iSCSI, NFS or Fibre Channel LUN of size 356MB or greater- the heartbeat

SR. The HA mechanism creates two volumes on the heartbeat SR:

4MB heartbeat volume

Used for heartbeating.

256MB metadata volume

Stores pool master metadata to be used in the case of master failover.

Note:

For maximum reliability, Citrix strongly recommends that you use a dedicated NFS or iSCSI

storage repository as your HA heartbeat disk, which must not be used for any other purpose.

If you are using a NetApp or EqualLogic SR, manually provision an NFS or iSCSI LUN on the array to use as the

heartbeat SR.

• A XenServer pool (this feature provides high availability at the server level within a single resource pool).

• XenServer Advanced edition or higher on all hosts.

• Static IP addresses for all hosts.

Warning:

Should the IP address of a server change while HA is enabled, HA will assume that the host's

network has failed, and will probably fence the host and leave it in an unbootable state. To

remedy this situation, disable HA using the host-emergency-ha-disable command, reset the

pool master using pool-emergency-reset-master, and then re-enable HA.

For a VM to be protected by the HA feature, it must be agile. This means that: