A systems administrator needs to perform monthly OS patching on a critical two-node active-passive file server cluster. The primary goal is to complete the maintenance without service interruption. Which procedure represents the BEST course of action?
Manually fail over all services to the passive node. Patch the now-inactive primary node, and then fail the services back to the original primary node.
Use the network load balancer to redirect all client traffic to the passive node before updating the primary node.
Apply patches to the passive node first. After rebooting the passive node, fail over all services to it and then patch the original primary node.
Apply patches to both nodes concurrently during a low-traffic period to minimize the overall maintenance duration.
The correct procedure is to first manually trigger a failover. This action makes the passive node active and validates that the failover mechanism is working correctly before any maintenance begins. The original active node is now inactive and can be safely patched and rebooted without affecting services. After the updates, a 'failback' operation returns the cluster to its original state, ensuring the primary node is once again active. Patching both nodes simultaneously would cause a service outage, defeating the purpose of the cluster. Patching the passive node before testing the failover is risky; if the primary node were to fail unexpectedly during the patch process, there would be no standby available. Using a load balancer to redirect traffic is not the correct procedure; a failover is a specific function of the cluster software itself that moves all cluster resources, not just network traffic.