rdelrosario

asked on

Clustering IIS6 in DMZ with no domain

I am to understand the following are requirements for Clustering with Windows 2003
1.)  Need Enterprise Version
2.)  Both servers require access to a domain (member of domain).
3.)  NLB seems to be the preferred method by many over Failover Clustering.
4.)  Require shared storage.
5.)  Granting access to domains inside the private network is a security risk.  Shouldn't do it.

So with the above being said... points 2.) and 5.) are my dilemma.

** How can I create a cluster in the DMZ with no domain?  Is there a safe way for the cluster to be members of the domain via tight firewall rules?  What are other people doing to address this?  What bothers me most is the fact that it seems everyone is clustering web servers, but how are they doing it without causing security issues?

I'm reading a lot of conflicting information on this topic and would like someone who has 1st hand experience on this and can explain what the best way... most common accepted way of creating a clustered IIS server.
Ted Bouskill

This article describes the issues with clustering IIS 6: http://news.zdnet.co.uk/hardware/0,1000000091,2124314,00.htm

Very few people do it.  Clustering is more common with SQL.

I'd recommend you simply use NLB for your web applications and then issues #1, #2, #4 and #5 disappear.  The one problem is NLB only supports automatic failover at the OS level.  It means you need to use a custom tool to monitor each server in the farm and, if the web application fails, restart IIS automatically.  However, to be honest, if your web application is poorly written it will likely fail on both servers.
rdelrosario

ASKER

When you say OS level.. Do you mean application and service hangs? Just about every web shop runs some sort of high availability solution... are you saying all of them... most of them just run NLB?

If the application or service hangs there is no failover and yes most shops only run NLB.  In my many years of experience there are two reasons for application errors.  The underlying hardware or O/S has a fault or the application design is flawed.  If the application design is flawed it will affect ALL servers.

What most companies (ours included) do is monitor each server for a variety of conditions:
- Out of disk space
- Out of memory
- Exceptions in the event/system logs

We then react accordingly, which sometimes means a script takes the server offline and our 24/7 data center looks into it based on the SLA (Service Level Agreement).
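
A sketch of the kind of monitoring script described in the reply above, added here as an illustration and not part of the original thread. It assumes Windows PowerShell on a node with IIS and NLB installed; the probe URL, the thresholds and the function names are hypothetical.

```powershell
# Added example, not from the thread. URL, thresholds and names are assumptions.
param(
    [string]$ProbeUrl        = 'http://localhost/health.aspx',  # hypothetical page
    [int]   $MinFreeDiskPct  = 10,
    [int]   $MinFreeMemMB    = 256,
    [int]   $MaxRecentErrors = 5,
    [switch]$Enforce   # without -Enforce the script only reports
)

function Test-WebApp([string]$Url) {
    # NLB only sees the host; this checks that the application itself answers.
    try {
        $req = [System.Net.WebRequest]::Create($Url)
        $req.Timeout = 5000
        $resp = $req.GetResponse()
        $ok = ([int]$resp.StatusCode -eq 200)
        $resp.Close()
        return $ok
    } catch { return $false }   # timeout, refused connection, 4xx/5xx
}

function Get-HostProblems {
    $found = @()
    # Out of disk space (DriveType 3 = local fixed disk)
    foreach ($d in Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3') {
        $pct = [math]::Round(100 * $d.FreeSpace / $d.Size, 1)
        if ($pct -lt $MinFreeDiskPct) { $found += "disk $($d.DeviceID) $pct% free" }
    }
    # Out of memory (FreePhysicalMemory is reported in KB)
    $freeMB = [int]((Get-WmiObject Win32_OperatingSystem).FreePhysicalMemory / 1024)
    if ($freeMB -lt $MinFreeMemMB) { $found += "memory $freeMB MB free" }
    # Exceptions in the event log during the last 15 minutes
    $errs = @(Get-EventLog -LogName Application -EntryType Error `
              -After (Get-Date).AddMinutes(-15) -ErrorAction SilentlyContinue)
    if ($errs.Count -gt $MaxRecentErrors) { $found += "$($errs.Count) application errors" }
    return $found
}

$problems = @(Get-HostProblems)
if (-not (Test-WebApp $ProbeUrl)) {
    Write-Output 'Probe failed, restarting IIS'
    if ($Enforce) { iisreset /restart | Out-Null; Start-Sleep -Seconds 20 }
    if (-not (Test-WebApp $ProbeUrl)) { $problems += 'web application not responding' }
}
if ($problems.Count -gt 0) {
    Write-Output "Unhealthy: $($problems -join '; ')"
    if ($Enforce) { wlbs drainstop }   # finish current connections, leave the NLB farm
} else { Write-Output 'Healthy' }
```

Run it from a scheduled task on each node; without `-Enforce` it only reports what it found, which is useful for tuning the thresholds before letting it pull a node out of the farm.
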
Tedbilly,
On a side note... have you any opinions of 2008 Server NLB or Clustering over 2003?  I can deploy either and wanted to know if you had any good/bad experience or opinions on 2008 server..
ASKER CERTIFIED SOLUTION
Ted Bouskill