?
Solved

Clustering IIS6 in DMZ with no domain

Posted on 2009-05-08
5
Medium Priority
?
708 Views
Last Modified: 2012-05-06
I am to understand the following are requirements for Clustering with Windows 2003
1.)  Need Enterprise Version
2.)  Both servers require access to a domain (member of domain).
3.)  NLB seems to be the preferred method by many over Failover Clustering.
4.)  Require shared storage.
5.)  Granting access to domains inside the private network is a security risk.  shouldn't do it.

So with the above being said... points 2.) and 5.) is my delimma.

** How can I create a cluster in the DMZ with no domain?  Is there a safe way for the cluster to be members of the domain via tight Firewall rules?  What are other people doing to address this.   What bothers me most is the fact that it seems everyone is clustering web servers, but how are they doing it without causing security issues?

I'm reading a lot of conflicting information on this topic and would like someone who has 1st hand experience on this and can explain what the best way... most common accepted way of creating a clustered IIS server.
0
Comment
Question by:rdelrosario
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24341936
This article describes the issues with clustering IIS 6: http://news.zdnet.co.uk/hardware/0,1000000091,2124314,00.htm

Very few people do it.  Clustering is more common with SQL.

I'd recommend you simply using NLB for your web applications and then issues #1, #2, #4 and #5 disappear.  The one problem is NLB only supports automatic failover at the OS level.  It means you need to use a custom tool to monitor each server in the farm and if the wbe application fails restart IIS automatically.  However, to be honest if you're web application is poorly written it will likely fail on both servers.
0
 

Author Comment

by:rdelrosario
ID: 24343681
When you say OS level.. Do you mean application and service hangs? Just about every web shop runs some sort of high availability solution...are you saying all of them... Most of them just run nlb?  
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24346765
If the application or service hangs there is no failover and yes most shops only run NLB.  In my many years of experience there are two reasons for application errors.  The underlying hardware or O/S has a fault or the application design is flawed.  If the application design is flawed it will affect ALL servers.

What most companies (ours included) does is monitor each server for a variety of conditions:
- Out of disk space
- Out of memory
- Exceptions in the event/system logs

We then react accordingly which sometimes means as script takes the server offline and our 24/7 data center looks into it based on the SLA (Service Level Agreement.
0
 

Author Comment

by:rdelrosario
ID: 24353555
Tedbilly,
On a side note... have you any opinions of 2008 Server NLB or Clustering over 2003?  I can deploy either and wanted to know if you had any good/bad experience or opinions on 2008 server..
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 2000 total points
ID: 24361112
I don't have personal experience with 2008, however I have second hand confirmation from peers where I work that are very happy with it.  I tend to be conservative with technology and if an older OS works I tend to stick with it, better the devil you know! ;)

However, 2008 has been out awhile and I haven't read any bad press so I'd say go for it.

Cheers
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question