Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 717
  • Last Modified:

Clustering IIS6 in DMZ with no domain

I am to understand the following are requirements for Clustering with Windows 2003
1.)  Need Enterprise Version
2.)  Both servers require access to a domain (member of domain).
3.)  NLB seems to be the preferred method by many over Failover Clustering.
4.)  Require shared storage.
5.)  Granting access to domains inside the private network is a security risk.  shouldn't do it.

So with the above being said... points 2.) and 5.) is my delimma.

** How can I create a cluster in the DMZ with no domain?  Is there a safe way for the cluster to be members of the domain via tight Firewall rules?  What are other people doing to address this.   What bothers me most is the fact that it seems everyone is clustering web servers, but how are they doing it without causing security issues?

I'm reading a lot of conflicting information on this topic and would like someone who has 1st hand experience on this and can explain what the best way... most common accepted way of creating a clustered IIS server.
0
rdelrosario
Asked:
rdelrosario
  • 3
  • 2
1 Solution
 
Ted BouskillSenior Software DeveloperCommented:
This article describes the issues with clustering IIS 6: http://news.zdnet.co.uk/hardware/0,1000000091,2124314,00.htm

Very few people do it.  Clustering is more common with SQL.

I'd recommend you simply using NLB for your web applications and then issues #1, #2, #4 and #5 disappear.  The one problem is NLB only supports automatic failover at the OS level.  It means you need to use a custom tool to monitor each server in the farm and if the wbe application fails restart IIS automatically.  However, to be honest if you're web application is poorly written it will likely fail on both servers.
0
 
rdelrosarioAuthor Commented:
When you say OS level.. Do you mean application and service hangs? Just about every web shop runs some sort of high availability solution...are you saying all of them... Most of them just run nlb?  
0
 
Ted BouskillSenior Software DeveloperCommented:
If the application or service hangs there is no failover and yes most shops only run NLB.  In my many years of experience there are two reasons for application errors.  The underlying hardware or O/S has a fault or the application design is flawed.  If the application design is flawed it will affect ALL servers.

What most companies (ours included) does is monitor each server for a variety of conditions:
- Out of disk space
- Out of memory
- Exceptions in the event/system logs

We then react accordingly which sometimes means as script takes the server offline and our 24/7 data center looks into it based on the SLA (Service Level Agreement.
0
 
rdelrosarioAuthor Commented:
Tedbilly,
On a side note... have you any opinions of 2008 Server NLB or Clustering over 2003?  I can deploy either and wanted to know if you had any good/bad experience or opinions on 2008 server..
0
 
Ted BouskillSenior Software DeveloperCommented:
I don't have personal experience with 2008, however I have second hand confirmation from peers where I work that are very happy with it.  I tend to be conservative with technology and if an older OS works I tend to stick with it, better the devil you know! ;)

However, 2008 has been out awhile and I haven't read any bad press so I'd say go for it.

Cheers
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now