[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Query on clustering and IP addresses

Posted on 2009-04-09
7
Medium Priority
?
348 Views
Last Modified: 2012-05-06
Hi Forum,

I have installed a Windows 2008 2-node cluster for SMTP purposes.

Node1: 192.168.1.1
Node2: 192.168.1.2
Cluster1: 192.168.1.3

Cluster1 is the clustered address/hostname. All three are registered in DNS.

Applications on our network will be configured to use an SMTP server of: Cluster1 (or 192.168.1.3 if we need to specify an IP).

We have some ports of the network that are not accessible due a firewall being placed between that subnet and the rest. So, for example, Server1 in a restricted subnet needs to send SMTP mail. We'll need to open port 25, but to what destination, 192.168.1.1 and 192.168.1.2, or those AND 192.168.1.3, or just 192.168.1.3 only?

Thanks in advance.
0
Comment
Question by:kam_uk
  • 4
  • 2
7 Comments
 
LVL 6

Expert Comment

by:page1985
ID: 24110142
You should be able to open the firewall to point to the cluster address only being as the nodes in the cluster will listen on the cluster IP for all clustered traffic.
0
 
LVL 7

Expert Comment

by:dolomiti
ID: 24110193
hi,
I believe you need another name/address: the application one

node1, points to node1
node2, points to node3
cluster is just to manage it from you
Application1   192.168.1.4

Now you have to use cluster: build a resource group as Fileserver, SMTP, SQL server,...
and depending of type, give networkname,ipadress,resourcedisk,...
and inform users, firewall, dns, ecc about Application1 and/or  192.168.1.4

Then will be a problem of MSCS to run Applicatio01 on node1 or 2.

bye
vic
0
 
LVL 6

Expert Comment

by:page1985
ID: 24110219
This is true.  I was assuming you had already clustered the application and the IP was the application's cluster IP.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
LVL 3

Author Comment

by:kam_uk
ID: 24114388
Sorry guys - I should have mentioned, this is Windows 2008 NLB clustering I am using, not the hardware type clustering where you have resource groups, networkname etc
0
 
LVL 6

Accepted Solution

by:
page1985 earned 2000 total points
ID: 24142180
The cluster address should still receive the traffic because if you send traffic to the node addresses one of two (or both) things will happen:
1) Only the node will receive the traffic
2) Neither node will receive the traffic because it's a Unicast cluster and the node addresses are management only.
0
 
LVL 3

Author Comment

by:kam_uk
ID: 24171187
Yep it's set up as a Unicast cluster.

So the only IP I need to open up on my firewall is the cluster address? Just to confirm :)
0
 
LVL 6

Expert Comment

by:page1985
ID: 24246918
Correct.  Only open the cluster address.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question