Dynamic cluster isolation
Use dynamic cluster isolation to isolate applications from other applications that are deployed in the cell. For example, we might create a dynamic cluster isolation configuration to isolate the critical applications an external customer uses from the internal applications, which can tolerate some instability.
Scenario
Your company hosts Web applications for external customers and for internal departments in the company. To provide the most stable and secure service for the external customers, you want to be sure that their applications run on separate computers. Your hosting environment must adhere to the following requirements:
- All customer applications must run on different servers than applications from other companies for optimal security. For example, customer_1 applications must run on a different set of servers than customer_2 applications.
- Customer_2 also has a critical application that must be completely separate from both their other applications and any other applications in the cell.
- We also must host several internal applications that do not have performance and security requirements, including the company employee directory.
Solution
Use dynamic cluster isolation to meet the requirements of the customers. Dynamic cluster isolation specifies whether the dynamic cluster runs on the same nodes as other instances of dynamic clusters, or whether the dynamic cluster is the only dynamic cluster running on a node. The following configurations meet our customer requirements:
- Create dynamic clusters for customer_1 and customer_2. For the isolation requirement for each of the dynamic clusters, click group isolation when creating the dynamic cluster. With group isolation, a dynamic cluster instance can run on the same node only with instances of dynamic clusters that are a part of the same isolation group. Create an isolation group for customer_1 dynamic clusters, and another isolation group for customer_2 dynamic clusters.
- To separate the critical customer_2 application, define strict isolation for the dynamic cluster that is hosting the critical application. With strict isolation, a dynamic cluster instance can run only with other instances of the same dynamic cluster on a node.
- Because the internal employee directory application does not have any isolation requirements, click No isolation requirements when creating the dynamic cluster for that application.
By configuring the dynamic cluster with specific isolation requirements, we are providing the most stable and secure service for customers while also hosting internal applications for the company.
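The three isolation modes described above can be expressed as a co-residency rule and used to audit a placement. The following Python sketch is an added example, not product code: the class, function, cluster, and node names are assumptions, and the sample placements are constructed. It applies the group isolation definition literally, so a cluster with no isolation requirements cannot share a node with a group-isolated cluster.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

STRICT, GROUP, NONE = "strict", "group", "none"

@dataclass(frozen=True)
class DynamicCluster:           # hypothetical model, not a product API
    name: str
    mode: str = NONE
    group: Optional[str] = None  # only meaningful when mode == GROUP

def can_share_node(a, b):
    """True if instances of clusters a and b may run on the same node."""
    if a.name == b.name:
        return True                      # same cluster is always allowed
    if STRICT in (a.mode, b.mode):
        return False                     # strict: only its own instances
    if GROUP in (a.mode, b.mode):        # group: only same isolation group
        return a.mode == b.mode == GROUP and a.group == b.group
    return True                          # neither has isolation requirements

def isolation_violations(placement):
    """placement maps node name -> clusters with an instance on that node.
    Returns sorted (node, cluster_a, cluster_b) tuples that break isolation."""
    found = []
    for node, clusters in placement.items():
        unique = sorted(set(clusters), key=lambda c: c.name)
        for a, b in combinations(unique, 2):
            if not can_share_node(a, b):
                found.append((node, a.name, b.name))
    return sorted(found)

# Constructed sample data modelled on the scenario.
C1_WEB = DynamicCluster("customer_1_web", GROUP, "customer_1")
C1_API = DynamicCluster("customer_1_api", GROUP, "customer_1")
C2_WEB = DynamicCluster("customer_2_web", GROUP, "customer_2")
C2_CRIT = DynamicCluster("customer_2_critical", STRICT)
DIRECTORY = DynamicCluster("employee_directory", NONE)
WIKI = DynamicCluster("internal_wiki", NONE)

GOOD = {"node1": [C1_WEB, C1_API], "node2": [C2_WEB],
        "node3": [C2_CRIT, C2_CRIT], "node4": [DIRECTORY, WIKI]}
BAD = {"node1": [C1_WEB, C2_WEB], "node2": [C2_CRIT, C2_WEB],
       "node3": [C1_API, DIRECTORY]}

if __name__ == "__main__":
    for label, placement in (("good", GOOD), ("bad", BAD)):
        print(label, isolation_violations(placement))
```

A check like this can be run against an exported node-to-cluster inventory to confirm that tenant separation holds after placement changes.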
Priority of isolated dynamic clusters
Dynamic cluster isolation ensures that dynamic cluster instances from different dynamic clusters do not run on the same node, but it does not make guarantees about how the system avoids a violation of the isolation mode. Configuring strict isolation does not give a dynamic cluster priority over any other dynamic clusters. For example, we might have an environment with one available node, and two dynamic clusters. Each dynamic cluster has the minimum number of cluster instances set to 1. Consider the following isolation configuration scenarios:
- Both of the dynamic clusters are configured with strict isolation.
- One of the dynamic clusters is configured with strict isolation, and the other dynamic cluster does not have strict isolation defined.
In both of these scenarios, the application placement controller can place a single cluster instance for one of the dynamic clusters. Dynamic cluster instances cannot be placed for both dynamic clusters because only one node is available. In both scenarios, no guarantee is made about which dynamic cluster starts an instance. Even in the second scenario, where one of the dynamic clusters has strict isolation defined, the isolated dynamic cluster does not have priority over the other dynamic cluster. This restriction can be problematic for small systems, such as a single node environment, or environments with a large number of constraints.
Related concepts
- Dynamic clusters
- Create dynamic clusters
- Intelligent Management: dynamic cluster administrative tasks