Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Clustering IIS6 in DMZ with no domain

Posted on 2009-05-08
5
702 Views
Last Modified: 2012-05-06
I am to understand the following are requirements for Clustering with Windows 2003
1.)  Need Enterprise Version
2.)  Both servers require access to a domain (member of domain).
3.)  NLB seems to be the preferred method by many over Failover Clustering.
4.)  Require shared storage.
5.)  Granting access to domains inside the private network is a security risk.  shouldn't do it.

So with the above being said... points 2.) and 5.) is my delimma.

** How can I create a cluster in the DMZ with no domain?  Is there a safe way for the cluster to be members of the domain via tight Firewall rules?  What are other people doing to address this.   What bothers me most is the fact that it seems everyone is clustering web servers, but how are they doing it without causing security issues?

I'm reading a lot of conflicting information on this topic and would like someone who has 1st hand experience on this and can explain what the best way... most common accepted way of creating a clustered IIS server.
0
Comment
Question by:rdelrosario
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24341936
This article describes the issues with clustering IIS 6: http://news.zdnet.co.uk/hardware/0,1000000091,2124314,00.htm

Very few people do it.  Clustering is more common with SQL.

I'd recommend you simply using NLB for your web applications and then issues #1, #2, #4 and #5 disappear.  The one problem is NLB only supports automatic failover at the OS level.  It means you need to use a custom tool to monitor each server in the farm and if the wbe application fails restart IIS automatically.  However, to be honest if you're web application is poorly written it will likely fail on both servers.
0
 

Author Comment

by:rdelrosario
ID: 24343681
When you say OS level.. Do you mean application and service hangs? Just about every web shop runs some sort of high availability solution...are you saying all of them... Most of them just run nlb?  
0
 
LVL 51

Expert Comment

by:Ted Bouskill
ID: 24346765
If the application or service hangs there is no failover and yes most shops only run NLB.  In my many years of experience there are two reasons for application errors.  The underlying hardware or O/S has a fault or the application design is flawed.  If the application design is flawed it will affect ALL servers.

What most companies (ours included) does is monitor each server for a variety of conditions:
- Out of disk space
- Out of memory
- Exceptions in the event/system logs

We then react accordingly which sometimes means as script takes the server offline and our 24/7 data center looks into it based on the SLA (Service Level Agreement.
0
 

Author Comment

by:rdelrosario
ID: 24353555
Tedbilly,
On a side note... have you any opinions of 2008 Server NLB or Clustering over 2003?  I can deploy either and wanted to know if you had any good/bad experience or opinions on 2008 server..
0
 
LVL 51

Accepted Solution

by:
Ted Bouskill earned 500 total points
ID: 24361112
I don't have personal experience with 2008, however I have second hand confirmation from peers where I work that are very happy with it.  I tend to be conservative with technology and if an older OS works I tend to stick with it, better the devil you know! ;)

However, 2008 has been out awhile and I haven't read any bad press so I'd say go for it.

Cheers
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question