Implementing a New Cluster
Many of the mission-critical applications deployed within your organization will be new applications, which require you to deploy new Network Load Balancing clusters. The process for implementing a new cluster involves more than installing Windows Server 2003 and Network Load Balancing on the individual application servers. Implementing a new cluster might require additional network infrastructure, network services, file services, database services, and security services. Figure 9.3 shows the steps that you must complete before and after the implementation of the new cluster.

Figure 9.3: Implementing a New Cluster
Preparing to Implement the Cluster
Your new cluster depends on the network infrastructure and other network services in your total solution. Ensure that the network infrastructure and these services are deployed before you implement your cluster.
Prepare for the implementation of the new cluster by using the information documented in the "NLB Cluster Host Worksheet" and other documentation (such as Visio drawings of the network environment) that your design team completed for a specific cluster host during the design process. Coordinate with the operations team during this step in the process to review the changes that will occur in your organization's network environment.
To prepare for the implementation of the new cluster, complete the following tasks:
Implement the network infrastructure required by the cluster and by the applications and services running on the cluster.
Implement any networking services required by the applications and services running on the cluster.
Select the method for automating any additional Network Load Balancing configuration.
Implementing the Network Infrastructure
Before you implement the cluster, you must implement the network infrastructure that connects the cluster to client computers, to other servers within your organization, and to management consoles. The network infrastructure components include:
Network cables
Hubs
Switches
Routers
Firewalls
Note | Any references to switches in this chapter refer to Layer 2 switches. |
When implementing the network infrastructure, make sure to have specifications about your current network environment available. Specifically, your hardware and software inventory and a map of network topology can be helpful. For more information about creating those documents, see "Planning for Deployment" in Planning, Testing, and Piloting Deployment Projects of this kit.
Implementing Any Required Networking Services
Network Load Balancing is independent of the other Windows Server 2003 network services. As a result, you do not need to implement networking services for Network Load Balancing.
However, the applications and services running on the cluster can be dependent on other Windows Server 2003 networking services. For more information about requirements for implementing networking services used by the services and applications running on the cluster, see "Additional Resources" later in this chapter.
Automating Additional Configurations
In many instances, Windows Server 2003, Network Load Balancing, or the applications and services running on a particular cluster might require additional configuration after the installation is complete. You can use any combination of the following methods for automating these additional configurations:
Microsoft Visual Basic Scripting Edition (VBScript)
Windows Management Instrumentation (WMI)
Active Directory Service Interfaces (ADSI)
Example: Preparing to Implement the Cluster
An organization is deploying a new Web application that will be accessed by a large volume of Internet users. Because of scaling and availability considerations, the organization will deploy the new, high-volume Web application on a Network Load Balancing cluster. Figure 9.4 illustrates the organization's network environment prior to the implementation of the new cluster.

Figure 9.4: Network Environment Before Implementing New Cluster
In addition to deciding that the new Web farm will run on a Network Load Balancing cluster, the design team also made the following configuration decisions:
No single router, switch, or Internet Information Services (IIS) Web farm server failure will prevent users from running the Web application.
The Web application will store data in a clustered SQL server running Microsoft SQL Server™ 2000 on a server cluster.
The Web application executables, Active Server Pages (ASP), Hypertext Markup Language (HTML) pages, and other executable code will be stored on a file server running on a server cluster.
Accounts used for authenticating Internet users will be stored in Active Directory directory service.
As the first step in the organization's deployment of the Web application, the IIS 6.0 Web farm, and Network Load Balancing, the organization must restructure the network infrastructure to support the new Web farm and cluster. Figure 9.5 illustrates the organization's network environment after preparing for the implementation.

Figure 9.5: Network Environment After Preparing to Implement a New Cluster
Table 9.3 lists the deployment steps that were performed prior to the implementation of the new cluster and the reasons for performing those steps.
Deployment Step | Reason |
---|---|
Add Firewall-02 and Firewall-03 | Provide redundancy and load balancing. |
Add Switch-01 and Switch-02 | Provide redundancy and load balancing. |
Add network segments on Switch-01 and Switch-02 | Connect the IIS 6.0 Web farm to the network. |
Configure Switch-01 and Switch-02 to belong to the same VLAN | Provide load balancing of client requests by using Network Load Balancing. |
Add SQLCLUSTR-01 | Provide database support for the Web application on a Microsoft server cluster. |
Add FILECLUSTR-01 | Provide secured storage for the Web application executables and content on a Microsoft server cluster. |
Add DC-01 and DC-01 | Provide storage and management of user accounts used in authenticating Internet users. |
Implementing the Cluster
To implement the new cluster, complete the following tasks:
Install and configure the hardware and Windows Server 2003 for each cluster host.
Install and configure the first Network Load Balancing cluster host.
Install and configure additional Network Load Balancing cluster hosts.
Note | When your Network Load Balancing solution includes multiple Network Load Balancing clusters with round robin DNS, complete these tasks for each Network Load Balancing cluster in the solution. For more information about combining multiple Network Load Balancing clusters with round robin DNS, see "Scaling NLB Solutions" in "Designing Network Load Balancing" in this book. |
Installing and Configuring the Hardware and Windows Server 2003
The first step in implementing the new cluster is to install and configure the hardware and Windows Server 2003 for each cluster host. Install and configure all cluster host hardware at the same time to ensure that you eliminate any configuration errors prior to installing and configuring the Network Load Balancing cluster.
To install and configure Windows Server 2003 on the cluster host hardware, you must be logged on with a user account that is a member of the local administrators group on all cluster hosts. Install and configure the cluster host by using the information documented in the "NLB Cluster Host Worksheet" that your design team completed for that host during the design process.
To install and configure the hardware and Windows Server 2003 on each cluster host in the new cluster, complete the following tasks:
Install the cluster host hardware in accordance with the manufacturer's recommendations.
Connect the cluster host hardware to the network infrastructure.
Install Windows Server 2003 with the default options and specifications from the worksheet for the cluster host.
Install any additional services (such as IIS 6.0 or Routing and Remote Access) by using the design specifications for the service.
For detailed instructions on installing additional services, see the resources related to the corresponding service in "Additional Resources" later in this chapter.
Configure the TCP/IP property settings and verify connectivity for the cluster adapters.
Caution | Configure the dedicated IP address at this time. The cluster IP address and any virtual IP addresses for port rules are added later in the deployment process through Network Load Balancing Manager. |
If a separate management network is used, configure the TCP/IP property settings and verify connectivity for the management adapter.
Although not required, it is recommended that you use a separate management network adapter to provide a communication path that is isolated both from the cluster adapter and from the clients. For more information on the benefits of including a management network adapter in your design, see "Selecting the Number of Network Adapters in Each Cluster Host" in "Designing Network Load Balancing" in this book.
Configure each server to be a member server in a domain created specifically for managing the cluster and other related servers.
Although not required, creating a domain for management of the cluster provides a centralized method of controlling security to the cluster. Management of clusters installed in a workgroup is more difficult and time-consuming. When the cluster resides in a perimeter network, create a separate forest for the exclusive purpose of managing servers (including cluster hosts) in the perimeter network.
Installing and Configuring the First Cluster Host
After you have installed and configured the hardware for the cluster, you are ready to install and configure the first cluster host. The first cluster host acts as a master copy when you use an image-based deployment method (such as RIS, Sysprep, or a third-party product) to deploy the remaining cluster hosts.
An image-based deployment is faster and ensures consistency when implementing the remaining cluster hosts, by reducing or eliminating manual configuration. In addition, the same image-based deployment method can be reused after the deployment to restore failed cluster hosts.
Depending on the type of image-based deployment, different methods are used to customize the cluster host after the image has been restored. For example, Sysprep can allow you to interactively customize the image or use a configuration file, sysprep.inf, to customize the image. For more information on customizing the restored image, see "Designing Unattended Installations," "Designing Image-based Installations with Sysprep," and "Designing RIS Installations" in Automating and Customizing Installations of this kit.
Perform the following tasks on the first cluster host by using the "NLB Cluster Host Worksheet" that your design team completed for the first cluster host:
If you did not use the automated installation process to create the new cluster, start Network Load Balancing Manager and create a new cluster.
Tip | You can start Network Load Balancing Manager by running Nlbmgr.exe. |
Install the applications and services on the first cluster host.
Examples of Windows Server 2003 services to be installed at this time include IIS or Terminal Services. For more information about installing Windows Server 2003 services, see the chapters that discuss those services in the Microsoft Windows Server 2003 Deployment Kit.
Examples of applications to be installed at this time include Web applications or Windows applications that run on Terminal Services. For more information about installing the applications running on your cluster, see the documentation that accompanies your application.
Enable monitoring and health checking on the first cluster host.
A Microsoft Operations Manager (MOM) Management Pack exists for Network Load Balancing. When your organization uses MOM to monitor and manage the servers within your organization, include the MOM Management Pack for Network Load Balancing on the cluster hosts.
For the location of additional information about monitoring and health checking the applications and services running on the cluster, review the resources in "Additional Resources" later in this chapter.
Verify that the first Network Load Balancing cluster host responds to client queries by directing requests to the cluster IP address.
Test the first cluster host by specifying the cluster IP address or a virtual cluster IP address in the client software that is used to access the application or service running on the cluster. For example, a client accessing an IIS application would put the cluster IP address or virtual cluster IP address in the Web browser address line.
Important | Create an entry in DNS for the cluster only after you have completed the deployment of the entire cluster. Prematurely publishing the applications and services in DNS might result in overwhelming the cluster hosts before all cluster hosts are installed. |
Installing and Configuring Additional Cluster Hosts
After you have installed and configured the first cluster host, you are ready to install and configure the remaining cluster hosts in the cluster. The first cluster host acts as a master copy when you use an image-based deployment method (such as RIS, Sysprep, or a third-party product) to deploy the remaining cluster hosts.
Perform the following tasks on the remaining cluster hosts by using the "NLB Cluster Host Worksheet" that your design team completed for each cluster host:
1. Create an image of the first cluster host that has just been deployed (discussed in the previous section) as required by one of the following image-based automated installation methods:
   Sysprep. For more information about creating Sysprep images, see "Designing Image-based Installations with Sysprep" in Automating and Customizing Installations of this kit.
   RIS. For more information about creating RIS images, see "Designing RIS Installations" in Automating and Customizing Installations.
   Third-party products. For more information about creating images with third-party products, see the documentation provided with the third-party image deployment software.
2. Restore the image of the first cluster host (created in step 1) to one of the remaining cluster hosts, following the directions provided in the documentation for the image-based installation method you used.
3. Configure any computer-specific information (such as computer name and IP address) on the newly deployed cluster host.
4. Enable monitoring and health checking for the additional cluster host. Use the same methods as described for the first cluster host.
5. Verify that the additional cluster host responds to client requests. Use the same methods as described for the first cluster host.
6. Complete steps 2 through 5 for each remaining cluster host in the Network Load Balancing cluster.
7. Ensure that the cluster is load balancing requests across all cluster hosts (based on the port rules of the cluster).
The time required to create and test the images used in an image-based deployment can be prohibitive. It might take you less time to install and configure the remaining cluster hosts in the same way that you installed and configured the first Network Load Balancing cluster host. For example, you could deploy a cluster that consists of three cluster hosts. If you decide to deploy the cluster hosts using a method other than image-based deployment, you must ensure that you can restore a failed cluster host.
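An added example, not part of the original kit: one way to check the final task above (load balancing across all cluster hosts) is to compare the IIS W3C extended logs collected from each host. Host names IIS-01 through IIS-03 follow this chapter's Web farm example; the log lines, client addresses, and the 50 percent share limit are constructed assumptions.

```python
# Added example: per-host request distribution from IIS W3C extended logs.
# Host names follow the chapter's Web farm example; log lines, client
# addresses (RFC 5737 ranges) and the share limit are constructed.
HEADER = ("#Software: Microsoft Internet Information Services 6.0\n"
          "#Version: 1.0\n"
          "#Fields: date time s-computername c-ip cs-method cs-uri-stem sc-status\n")

SAMPLE_LOGS = {
    "IIS-01": HEADER +
        "2003-06-01 10:00:01 IIS-01 198.51.100.7 GET /default.asp 200\n"
        "2003-06-01 10:00:02 IIS-01 198.51.100.7 GET /logo.gif 200\n"
        "2003-06-01 10:00:05 IIS-01 198.51.100.9 GET /default.asp 200\n",
    "IIS-02": HEADER +
        "2003-06-01 10:00:03 IIS-02 203.0.113.20 GET /default.asp 200\n"
        "2003-06-01 10:00:04 IIS-02 203.0.113.20 GET /order.asp 500\n"
        "2003-06-01 10:00:06 IIS-02 203.0.113\n",   # truncated line, skipped
    "IIS-03": HEADER,                                # host logged no requests
}
EXPECTED_HOSTS = ["IIS-01", "IIS-02", "IIS-03"]


def parse_w3c(text):
    """Yield one dict per request line, keyed by the latest #Fields directive."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # IIS rewrites the header after a restart; the field list may change.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # no header seen yet, or a truncated line
        yield dict(zip(fields, values))


def _new_entry():
    return {"requests": 0, "clients": set(), "errors_5xx": 0}


def summarize(logs, expected_hosts):
    """Count requests, distinct client addresses and 5xx responses per host."""
    stats = {host: _new_entry() for host in expected_hosts}
    for source, text in logs.items():
        for row in parse_w3c(text):
            host = row.get("s-computername", source)
            entry = stats.setdefault(host, _new_entry())
            entry["requests"] += 1
            entry["clients"].add(row.get("c-ip", "-"))
            if row.get("sc-status", "").startswith("5"):
                entry["errors_5xx"] += 1
    return stats


def findings(stats, expected_hosts, max_share=0.5):
    """Return one line per host that needs attention before going live."""
    total = sum(s["requests"] for s in stats.values())
    out = []
    for host in sorted(stats):
        s = stats[host]
        if host not in expected_hosts:
            out.append(f"{host}: unexpected host in logs")
        if s["requests"] == 0:
            out.append(f"{host}: no requests logged")
        elif s["requests"] / total > max_share:
            out.append(f"{host}: {s['requests'] / total:.0%} of requests "
                       f"(limit {max_share:.0%})")
        if s["errors_5xx"]:
            out.append(f"{host}: {s['errors_5xx']} HTTP 5xx responses")
    return out


if __name__ == "__main__":
    for line in findings(summarize(SAMPLE_LOGS, EXPECTED_HOSTS), EXPECTED_HOSTS):
        print(line)
```

Distinct client addresses are counted because a port rule that uses Single affinity sends every request from one client address to the same host, so test from several client addresses before judging the distribution.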
Example: Implementing the New Cluster
The organization mentioned in "Example: Preparing to Implement the Cluster" earlier in this chapter is now ready to implement the new IIS 6.0 Web farm that uses Network Load Balancing for load balancing and fault tolerance. The network infrastructure and additional networking services have been deployed in preparation for the implementation.
In this step, the organization installed and configured the first cluster host as a model for the remaining cluster hosts. Then the organization deployed the remaining cluster hosts by using an image-based deployment method. Figure 9.6 illustrates the network environment after the implementation of the new IIS 6.0 Web farm and Network Load Balancing.

Figure 9.6: Network Environment After Installing the New Cluster
Table 9.4 lists the deployment steps that were performed to implement the new cluster and the reasons for performing those steps.
Deployment Step | Reason |
---|---|
Add IIS-01, IIS-02, IIS-03, IIS-04, IIS-05, IIS-06, IIS-07, and IIS-08 server hardware. | Server hardware needs to be connected to network infrastructure in preparation for Network Load Balancing deployment. |
Install Windows Server 2003 and Network Load Balancing on IIS-01 by using unattended installation. | Unattended setup is chosen because of the limited number of hosts to be deployed. |
Create an image of IIS-01 to use as a model for RIS deployment. | RIS allows the servers to be reimaged in the event of a server failure. |
Deploy the image on IIS-02, IIS-03, IIS-04, IIS-05, IIS-06, IIS-07, and IIS-08. | Image deployment ensures a consistent configuration on all servers in the Network Load Balancing cluster. |
Verify the Web farm responds to client requests. | Verification ensures that the Web farm is properly configured and that Network Load Balancing is load balancing. |
Verifying the Cluster and Enabling Client Access
The final step in implementing your new Network Load Balancing cluster is to ensure that you have properly implemented and configured your cluster. In "Installing and Configuring the First Cluster Host" earlier in this chapter, you verified your implementation of individual servers. Now you must ensure that the entire cluster is secure and is properly monitored and health checked.
To verify the cluster and enable client access, complete the following tasks:
Verify the cluster host restoration process.
Verify that identified security threats are mitigated.
Perform monitoring and health checking on the complete cluster.
Verify proper operation of applications and services running on the cluster.
Enable client access to the cluster.
Verifying the Cluster Host Restoration Process
Before placing the cluster into a pilot or production environment, you need to verify cluster host restoration to ensure that you can properly restore a cluster host that has failed.
To verify the cluster host restoration process, complete the following tasks:
Remove a cluster host from the cluster by performing a drainstop on the cluster host.
A drainstop prevents a cluster host from handling new client requests. While draining, a cluster host continues to complete any outstanding requests and remains in the cluster until all active requests are completed. Then the cluster host stops all cluster operation.
Remove all disk volumes and disk partitions on the cluster host.
Restore the cluster host based on the installation method selected earlier in the deployment process.
Restart the cluster host.
Verify that the System event log of each cluster host contains no errors and that the restored cluster host responds properly to client requests.
Verifying That Identified Security Threats are Mitigated
You need to verify that all the identified security threats are properly handled in your new Network Load Balancing solution.
To verify that the identified security threats are mitigated, complete the following tasks:
Connect a client computer to the network so that it reaches the cluster over the same route that a typical client computer would use.
For example, when clients connect to the cluster over the Internet through a series of firewalls and routers, ensure that the client computer used for testing connects to the cluster through the same firewalls and routers.
Log on to the client computer with the user rights identified in your security threats.
For each identified security threat, reproduce the steps that result in the security compromise of the cluster.
Document the results and report the findings to the design team.
With the assistance of the design team, resolve any outstanding security issues.
Important | Resolve all security threats before proceeding further in the deployment process. |
Monitoring and Health Checking the Complete Cluster
Your next step in completing the implementation of your new cluster is to enable monitoring and health checking on the entire cluster. In "Installing and Configuring the First Cluster Host" and "Installing and Configuring Additional Cluster Hosts" earlier in this chapter, you enabled monitoring and health checking on individual cluster hosts. However, in this step you are ensuring that the cluster is monitored as a complete unit. Enable monitoring and health checking on the cluster before allowing users to access the cluster in a pilot or production environment.
As clients begin to access the applications and services in your cluster, continue to provide monitoring and health checking as described in "Installing and Configuring the First Cluster Host" earlier in this chapter. Verify that the cluster performs as expected with live client traffic.
After the deployment process is complete, ensure that your operations staff continues the monitoring and health checking process in their long-term operations processes as part of your ongoing operations.
Verifying Proper Operations of Applications and Services
Before placing the complete cluster into a pilot or production environment, you need to verify that applications and services are running correctly on the cluster.
To verify proper operations of applications and services on the new cluster, complete the following tasks:
Temporarily connect a client computer to the same switch used by the cluster.
From the client computer, verify that the applications respond to client requests as expected.
Disconnect the client computer from the switch.
Enable Client Access to the Cluster
Your last step in the implementation of your new cluster is to allow clients access to the applications and services running on the cluster. Be sure that you successfully complete all previous steps in the process before enabling users to access the cluster in a pilot or production environment.
Enable client access to the applications and the services in the cluster by creating DNS entries. Users will access your applications and services by using user-friendly names or Uniform Resource Locators (URLs), such as http://www.microsoft.com, which correspond to the individual applications or services on the Network Load Balancing cluster. The DNS entries allow the translation of the user-friendly name to at least one IP address. When round robin DNS is used for load balancing between clusters, you must create a DNS entry for each cluster.
Table 9.5 lists the criteria for determining the number of DNS entries required for your new cluster.
Solution Includes One of the Following | Required DNS Entries |
---|---|
Only one Network Load Balancing cluster. | A DNS entry for the cluster and a DNS entry for each virtual cluster. |
More than one Network Load Balancing cluster with client traffic distributed across Network Load Balancing clusters by using round robin DNS. | A round robin DNS entry for each cluster and a round robin DNS entry for each virtual cluster. |
Example: Verifying the Cluster and Enabling Client Access
The organization mentioned in the examples earlier in this chapter is now ready to complete the implementation of the new IIS 6.0 Web farm. The Web farm servers are implemented and basic connectivity is provided to the Web farm. The organization has verified that Network Load Balancing is distributing client traffic evenly and that all cluster hosts are servicing client requests.
In this step, the organization verifies that the Web farm and the cluster function as a whole. Although operation of each cluster host was verified during the implementation process, now the organization must ensure that the new Web farm meets or exceeds the design specifications established by your design team before enabling client access to the applications.
Figure 9.7 illustrates the network environment after the implementation of the new IIS 6.0 Web farm and Network Load Balancing.

Figure 9.7: Network Environment After Implementing the New Cluster
Table 9.6 lists the deployment steps that were performed to verify the new cluster and enable client access.
Deployment Step | Reason |
---|---|
IIS-03 taken off line. | Automatic failover to other Web servers must be proven. |
IIS-02 restored. | Restoration process for Web servers must be proven. |
Client attached to the Internet and security attacks performed. | Mitigation of security threats must be proven. |
Monitoring and health checking enabled on IIS-01, IIS-02, IIS-03, IIS-04, IIS-05, IIS-06, IIS-07 and IIS-08. | Proper operation of the IIS 6.0 Web farm must be verified during and after the implementation process to ensure that load balancing is occurring and that system resources are adequate for client requests. |
A DNS entry created for the cluster IP address of NLBCluster-01. | Clients must have a DNS entry to access the Web applications running on the cluster. |