
Clustering IIS6 in DMZ with no domain

Posted on 2009-05-08
Last Modified: 2012-05-06
I am to understand the following are requirements for clustering with Windows 2003:
1.)  Need Enterprise Version
2.)  Both servers require access to a domain (member of domain).
3.)  NLB seems to be the preferred method by many over Failover Clustering.
4.)  Require shared storage.
5.)  Granting access to domains inside the private network is a security risk.  Shouldn't do it.

So with the above being said... points 2.) and 5.) are my dilemma.

** How can I create a cluster in the DMZ with no domain?  Is there a safe way for the cluster to be members of the domain via tight firewall rules?  What are other people doing to address this?  What bothers me most is the fact that it seems everyone is clustering web servers, but how are they doing it without causing security issues?

I'm reading a lot of conflicting information on this topic and would like someone who has first-hand experience with this and can explain what the best way... the most commonly accepted way of creating a clustered IIS server is.
Question by:rdelrosario
Expert Comment

by:Ted Bouskill
ID: 24341936
This article describes the issues with clustering IIS 6: http://news.zdnet.co.uk/hardware/0,1000000091,2124314,00.htm

Very few people do it.  Clustering is more common with SQL.

I'd recommend you simply use NLB for your web applications and then issues #1, #2, #4 and #5 disappear.  The one problem is NLB only supports automatic failover at the OS level.  It means you need to use a custom tool to monitor each server in the farm and, if the web application fails, restart IIS automatically.  However, to be honest, if your web application is poorly written it will likely fail on both servers.
0
 

Author Comment

by:rdelrosario
ID: 24343681
When you say OS level... do you mean application and service hangs? Just about every web shop runs some sort of high availability solution... are you saying all of them... most of them just run NLB?
0
 

Expert Comment

by:Ted Bouskill
ID: 24346765
If the application or service hangs there is no failover and yes most shops only run NLB.  In my many years of experience there are two reasons for application errors.  The underlying hardware or O/S has a fault or the application design is flawed.  If the application design is flawed it will affect ALL servers.

What most companies (ours included) do is monitor each server for a variety of conditions:
- Out of disk space
- Out of memory
- Exceptions in the event/system logs

We then react accordingly, which sometimes means a script takes the server offline and our 24/7 data center looks into it based on the SLA (Service Level Agreement).
0
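The per-node monitoring described in the two expert comments above (probe the web application, check disk, memory and event-log errors, then take the server out of rotation), as an added example that is not part of the original thread or the poster's own tooling. It runs locally on each NLB node from a scheduled task, so it needs no domain membership; it assumes PowerShell 2.0, and the probe URL, drive letter and thresholds are hypothetical.

```powershell
# Added example: local health check for one node of an NLB web farm.
# All values below are assumptions to be tuned per site.
$ProbeUrl    = 'http://localhost/health.aspx'  # hypothetical application health page
$MinFreeDisk = 1GB
$MinFreeMem  = 200MB
$MaxErrors   = 20                              # Application-log errors tolerated per window
$WindowMin   = 5

function Test-WebApp([string]$Url) {
    # NLB only notices a dead host, so the application itself has to be probed.
    try {
        $req = [System.Net.WebRequest]::Create($Url)
        $req.Timeout = 10000                   # milliseconds; a hang counts as a failure
        $resp = $req.GetResponse()
        $ok = ([int]$resp.StatusCode -eq 200)
        $resp.Close()
        return $ok
    } catch { return $false }                  # timeouts and 4xx/5xx responses land here
}

function Get-NodeFaults {
    $faults = @()
    $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='C:'"
    if ($disk.FreeSpace -lt $MinFreeDisk) { $faults += 'low disk space' }

    $os = Get-WmiObject Win32_OperatingSystem  # FreePhysicalMemory is reported in KB
    if (($os.FreePhysicalMemory * 1KB) -lt $MinFreeMem) { $faults += 'low memory' }

    $since = (Get-Date).AddMinutes(-$WindowMin)
    $errs = @(Get-EventLog -LogName Application -EntryType Error -After $since `
                  -ErrorAction SilentlyContinue)
    if ($errs.Count -gt $MaxErrors) { $faults += 'event log error burst' }
    return $faults
}

$faults = @(Get-NodeFaults)
if (-not (Test-WebApp $ProbeUrl)) {
    # Application hang: restart IIS once, then probe again before escalating.
    & iisreset /restart | Out-Null
    if (-not (Test-WebApp $ProbeUrl)) { $faults += 'web app not responding' }
}

if ($faults.Count -gt 0) {
    # Drain this node so NLB sends new connections to the remaining nodes.
    & wlbs drainstop | Out-Null
    Write-Output ("Node drained: " + ($faults -join ', '))
    exit 1                                     # non-zero exit lets the scheduler raise an alert
}
```

Because a flawed application fails on every node, pair this with an alert so that operators see when more than one node has drained itself.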
 

Author Comment

by:rdelrosario
ID: 24353555
Tedbilly,
On a side note... have you any opinions of 2008 Server NLB or Clustering over 2003?  I can deploy either and wanted to know if you had any good/bad experience or opinions on 2008 server..
0
 

Accepted Solution

by:
Ted Bouskill earned 2000 total points
ID: 24361112
I don't have personal experience with 2008, however I have second hand confirmation from peers where I work that are very happy with it.  I tend to be conservative with technology and if an older OS works I tend to stick with it, better the devil you know! ;)

However, 2008 has been out awhile and I haven't read any bad press so I'd say go for it.

Cheers
0
