Cohesive Blog

By Bob Smetana

How-to guide: Set up Windows Server Failover Clustering (WSFC) with SQL Server AlwaysOn using VNS3 Overlay Networks

Windows Server Failover Clusters (WSFCs) are often an essential piece of critical systems. WSFCs provide a suite of tools to make systems faster and more reliable. Configuring WSFCs with VNS3 allows you to cluster physical and virtual servers regardless of physical location and network configuration.

While you can set up a WSFC in any environment, it is still up to you to protect your data in motion between nodes.

Suppose you have a node that is required to be off site. In order to remain secure, you must use additional hardware to provide connectivity from one location to the other.

VNS3 solves the security and connectivity issues elegantly. Each node can be connected to the VNS3 overlay network via a clientpack – each machine would then have an encrypted connection to a secure virtual network you control. All that is required for each node is an internet connection and open security groups to your VNS3 controller’s IP address.

In this example, VNS3 lets you use any cloud environment with an additional layer of security and control on top.

This configuration frees you from the bounds of hardware and unfamiliar software without compromising security or flexibility. You can even cluster virtual machines in any major cloud with on-site machines, allowing your users to enjoy security, high availability, and low latency.

In Windows, connections to VNS3 appear as ethernet adapters. From the perspective of each node, this configuration appears identical to a fully local configuration, with all nodes on the same network and subnet. This simplifies Failover Cluster implementations and helps administrators conceptualize complex network ecosystems.


VNS3 can also provide a modular approach to Failover Clustering. If you already have a WSFC implementation, VNS3 can connect to your cluster’s local network via IPsec, allowing your existing nodes to communicate with additional nodes anywhere in the world.


Availability group and listener communicating via the VNS3 overlay network.

Watch Bob Smetana’s full demo on YouTube:

Note – This guide uses the WSFC CloudFormation template, Windows Server 2012 R2, and SQL Server 2014 Enterprise. Other editions will work, but won’t match the video guide exactly.

See more VNS3 setup and troubleshooting guides on our Product Resources page and on our YouTube channel.


- - - -

In July, we announced the release of our latest version of VNS3, 4.0. The features and functions are obviously the big reasons for updating the software-only virtual appliance, but I wanted to take a moment to point out some of the huge ways VNS3 has changed on the visual side.

VNS3 4.0 has had a major facelift.


Watch a walk through of the new VNS3 4.0 updates



Change your password, now!
If you’re launching a brand new VNS3 4.0 from AWS or Azure Marketplaces, the very first thing you’ll notice is the bright red warnings to update passwords at your first login. We are a security company, so it’s pretty important to us to help our customers stay secure. Even though passwords and logins seem like a small deal, weak passwords have brought down some of the biggest and best.


Want some high availability with that Controller? 
After you log in and change that password, the next screen you’ll see is the Getting Started page. Here are your usual 3 options for adding a license and configuring your VNS3 Controller.

At the bottom of those options you’ll see a new section: Configure HA Backup server. If you’ve got VNS3:ms, you can add this VNS3 Controller to your configuration and add high availability with VNS3:ha. The string of numbers and letters shown there is the UUID you’d use to enable HA.


Easier Clientpack organization and page view



Customers with complex networks and several clientpacks will enjoy this update. One of the UI redesign requests we got was to add paginated, sortable and searchable tables for Clientpacks. These types of organizational tables will also be in the sections for Peered connections, Overlay Network devices, and IPsec tunnels.

Dig the new colors
We hope you dig the new colors. Whether you upgraded an existing VNS3 Controller to 4.0 or went through the launch steps, we hope you like the new UI.

Easier navigation
We’ve updated the main menu categories. Don’t worry, it’s nothing Windows Vista drastic. 

Up at the top are still the Runtime, Overlay, and Connections sections. This is where you’ll spend most of your time configuring and editing VNS3.

We scooted Containers up between Connections and Maintenance, since it’s pretty important for customers who use the VNS3 plugin system. In the Container section are still controls and links to container networks, container images and the list of all your configured containers. Need a quick refresher on VNS3 Containers? Here’s a video on our WAF plugin.

We’ve booted the Admin section down to the bottom of the list. Hopefully you won’t visit this section as often as the other UI menu items. But, just in case anything goes wrong, the last 2 sections are here to help. Snapshots, licensing, remote support, and admin settings live here.

2 new menu items in the Admin section
The new 4.0 version lets you install your own SSL certificates. In the HTTPS Certs page you can upload either SSL Certificates or SSL keys. Easy enough.

In earlier versions, we squirreled away the “factory reset” page. Instead of looking for the paper clip hole in the back of your device, we made this handy menu item. Fear not, we added a step to make sure you’re really certain you want to reset the VNS3 Controller.




- - - -

The cloud continues to be a significant force in enterprise computing and technology adoption. Enterprises that have adopted cloud have slashed capital expenses, increased agility, centralized information management, and scaled their businesses quickly.

The 2015 RightScale State of the Cloud Survey estimates that 93% of respondents are adopting cloud – 88% are using public cloud, 63% using private cloud, and 58% using both.



With resources spread across providers, regions, and technologies, in this hyper-connected environment, most enterprises will likely never commit completely to one cloud model, provider or technology.

No IT pro is rushing to re-architect systems and applications to match a single cloud vendor. Furthermore, no enterprise IT team will risk their careers by committing to a single infrastructure vendor. In fact, enterprises cannot forsake existing data centers to move entirely to cloud-based everything. But the concept of an on-premise data center is changing. Most enterprises are transforming legacy data centers into true private cloud environments.

Every enterprise is already hybrid

The hybrid cloud is the most logical sounding answer for the quandaries of the capital expense of existing hardware, the need for cloud agility, the fear of vendor lock-in, and the market mandates set when competitors publicly commit to cloud.

Other than a few all-cloud startups and all-hardware laggards, the majority of enterprises are already “hybrid”. But the definition of the term “hybrid” continues to be hotly debated in cloud computing.

Hybrid can mean a blend of on-premise and in-cloud computing, a mix of private cloud and public cloud, or a network spread across regions or data centers. “Hybrid” can even mean a shared space between partners, customers, and departments.


In the future, none of that “hybrid” will matter

A huge shift in cloud computing will finally come when end applications – from accounting software to website servers – just work. No one will care about the underlying hardware, middleware or even the device connecting to the applications.

“Hybrid Cloud” will mean cloud computing resources are interoperable with all technologies, hardware, providers, and geographies. Developers of the world will be free to build applications without any thought to the underlying architecture.

Security focus shifts from the data center to just the data

As data platforms modernize, security will evolve as well. No longer will organizations just build massive walls around a corporate data center to keep out all potential attackers.

Once hardware and software are virtualized they become part of the fabric of shared resources connected with public internet. Private cloud owners will see the value of public cloud security procedures and can avoid repeating security missteps.

Will this year be the year for data centers to adopt additional security that boosts existing network and physical security infrastructure?

Previously, internal data and systems were completely vulnerable to malicious “east-west” traffic. If a hacker breached the data center perimeter, they were able to move from application to application to gain access to all resources on the network.

In the future, private data centers will reflect public cloud security realities and secure internal network traffic as well. Encrypted layers of security within a data center or public cloud network will help organizations control access and encryption to limit malicious east/west movement.

This “application segmentation” at the application layer will add security within the network to strengthen existing data center hardware and virtualization layer security.

Enterprise application owners will realize the value of true virtual networks in concept and in practice. No more will network operators believe a VLAN is actually virtual!

The limitations of the physical network architectures will be magnified once enterprises see the difference between an underlay for bulk transport and an overlay for application specific use-case tuning. The glaring security holes in physical networks once obfuscated will reveal themselves.

The collision between the cloud way and the physical data center way will be violent. The concept of an on-premise data center will change in 2016 both in how it will be built and how it will be consumed. Those with groups already working in the cloud will easily transition to a more flexible and efficient environment. It may be called private cloud or software defined data center, but the name won’t matter.

The question for 2017 is “when will the traditional physical data center way become extinct?”
