We’ve taken to deploying a Cloud Witness for almost all of our Windows Server based clusters whether Hyper-V, Storage Spaces Direct (S2D), or Scale-Out File Server.
When logging on to the Azure Portal this morning we were prompted to check out a number of different areas by the Azure Advisor.
What caught our eye was a red bang High Impact recommendation in the Security Advisor.
Security Advisor: 3 Recommendations
After clicking in we saw:
High: Secure transfer to storage accounts should be enabled
We click on the link and we see three cloud witness storage resources that have been around for quite a long time.
Cloud Witness Storage Resources
Before we pulled the trigger on enabling the HTTPS connections we reached out to the Storage Team and asked whether the change would impact any of our cluster’s Cloud Witness setups.
They confirmed that the entire Cloud Witness setup was secured behind HTTPS and was done so from the beginning.
So, off we went:
It took a few minutes for things to clear up and finally let us know that the Security Advisor was happy.
The Advisor still showed the warning for the storage accounts after the above. So, it looks as though it may take a while before things refresh fully within the system.
The moral of the story: It’s okay to flip the bit on Storage HTTPS connections without being concerned about losing the witness at the cluster level.