Solved

Load balancing DC's?

Posted on 2009-05-05
8
736 Views
Last Modified: 2013-12-24
Hi Everyone

We have about 5 DC's in our main site. There are a plethora of applications that need a DC hardcoded into their code to for either LDAP queries, or authentication.

At the moment, they are all pointing to DC1.

Obviously, if DC1 goes down, then we are in trouble.

I woud like to look into load balancing across all 5 DC's. I guess I could create a DNS CNAME (ldap.kam.uk) that points to all the DC's, but if one of the DC's is down, this won't help much. Does anyone have any ideas how I can implement some redundancy?
0
Comment
Question by:kam_uk
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24307153
The CNAME option will work, I would just put a very low TTL on them so that if one goes down or you have to take it offline for maintenance, the client will kick over to the next DC.
0
 
LVL 27

Assisted Solution

by:Jason Watkins
Jason Watkins earned 50 total points
ID: 24307368
Hi,

If you are looking to load balance authentication by those DCs, you should be alright as is.  If you DCs are in different sites, then you may have to tweak your DNS settings to make sure all DCs are available to users.

/F
0
 
LVL 3

Author Comment

by:kam_uk
ID: 24307400
Hi

Sorry, when I said load balance authentication, I wasn't referring to users authenticating, more the applications authenticating where they had a hard coded DC. They are unable to use SRV records.

ISWSIMBX - good idea about the TTL. What would you recommend? Also, wouldn't this generate more DNS traffic though?

Thanks!
0
 
LVL 3

Assisted Solution

by:ISWSIMBX
ISWSIMBX earned 50 total points
ID: 24307792
I believe the default value is 300 so I would go with around 100-150.  And yes, it will probably generate a bit more DNS traffic than before, but if it is only 5 DC's, then the amount of traffic increase should be pretty small.
0
[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

 
LVL 6

Assisted Solution

by:mvgeertruyen
mvgeertruyen earned 100 total points
ID: 24307944
I'm not sure if it is an option for you but with minor changes to the applications you could offload the fault tolerance to the AD (small change = modify the binding from LDAP<server> to GC<domain> for example).. If your apps only require ldap then the above dns suggestions would be good; but then again you would need to modify the settings off the apps. All depends on the apps off course.
Some info on ldap binding without specifying a server:
http://msdn.microsoft.com/en-us/library/ms677945(VS.85).aspx
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 300 total points
ID: 24309016

> DNS CNAME (ldap.kam.uk) that points to all the DC's

You won't be able to do that with a CNAME. Usage is illegal, you aren't allowed multiple CNAME records for the same resource. You could create multiple Host (A) Records for the same name though.

However, this is one very very important factor you must be aware of when implementing this.

DNS couldn't care less if the address it's handing out is up or down. It will happily hand out an address for a DC that is down. The responses to the query will rotate using Round Robin, but that's the extent of it. It's a very basic form of load balancing.

Either the application must support fault tolerance and be aware of the possible DCs. Or you must create a monitoring system that modifies the "ldap.yourdomain.com" record to a DC, or a number of DCs that are active. In that instance the low TTL would come into play.

Chris
0
 
LVL 3

Author Comment

by:kam_uk
ID: 24335802
Thanks..

Just one final query...

Let's say I list a DC in the UK, Spain and Russia in this ldap.kam.uk record.

If an application in Russia attempts a connect to ldap.kam.uk, will it contact the Russia DC, or is the proximity of the DC completely irrelevant in this DNS example?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24335832

Generally irrelevant. However, NetMask Ordering will attempt to give you an answer within the same subnet as the client if it can. Otherwise it uses standard Round Robin rotation.

I believe NetMask ordering matches on 24-bit subnets by default.

Chris
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating and Managing Databases with phpMyAdmin in cPanel.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now