Damo-T
asked on
Citrix Fault Tolerance incl WI AAC Server
I am testing a Citrix Solution which has been successful but I now need to investigate the next stage.
The test scenario we currently have consists of the following:
2 Citrix server Farms
1 Web Interface (Although in the final solution we will use 2)
Advanced Access Control Server
The current testing scenario is that users will come into either the AAC and be forwarded to one of the farms based on an End Point Scan OR they will come in directly to the Web Interface or directly to an application.
For disaster recovery purposes, we are wanting to duplicate the above and have it in a different location. In the event of a failure, we would want to (as seamlessly as possible) move users to the other site. This can all be handled by Virtual IP’s so I was wondering what the best way to achieve this is?
My thought was that we could have 2 XML servers one on each site (with the single VIP address) and host records for each but I am not sure if just having this is sufficient. Therefore should the main site fail (which has the primary server farms), the XML server will automatically redirect all traffic to the DR server farms, without the user interaction – until the main site comes up. Now this scenario can be useful if a failure of the server farm or the failure or the XML server at the primary location.
Any advice would be much appreciated.
The test scenario we currently have consists of the following:
2 Citrix server Farms
1 Web Interface (Although in the final solution we will use 2)
Advanced Access Control Server
The current testing scenario is that users will come into either the AAC and be forwarded to one of the farms based on an End Point Scan OR they will come in directly to the Web Interface or directly to an application.
For disaster recovery purposes, we are wanting to duplicate the above and have it in a different location. In the event of a failure, we would want to (as seamlessly as possible) move users to the other site. This can all be handled by Virtual IP’s so I was wondering what the best way to achieve this is?
My thought was that we could have 2 XML servers one on each site (with the single VIP address) and host records for each but I am not sure if just having this is sufficient. Therefore should the main site fail (which has the primary server farms), the XML server will automatically redirect all traffic to the DR server farms, without the user interaction – until the main site comes up. Now this scenario can be useful if a failure of the server farm or the failure or the XML server at the primary location.
Any advice would be much appreciated.
ASKER
Hi,
Let me explain a bit more in detail. I know this can be achieved with a Net Scaler or Citrix Access Gateway but wanted to avoid using one if necessary.
Part 1: I have 1 site which contains and Advanced Access Server, a Web Interface and 2 seperate Citrix Farms. The AAC performs an end point analysis on internal machines. If the machine is a member of the domain, it will be taken to one of the farms and can access certain applications. If the machine is not a member of the domain, it is taken to another set.
This is all working correctly.
Part 2: Now I want to plan for Disaster Recovery so I want to replicate Site 1 to another location. The data can be replicated via the SAN. I want (With minimum desruption) for users to be directed to the DR site in the event of something happening to site 1.
If you need any more clarification, please let me know. I am unsure how to achieve this but the Networking Team say they can control some of it if the Citrix servers can use Virtual IP but I am unsure which bits would need to. Any help appreciated.
Let me explain a bit more in detail. I know this can be achieved with a Net Scaler or Citrix Access Gateway but wanted to avoid using one if necessary.
Part 1: I have 1 site which contains and Advanced Access Server, a Web Interface and 2 seperate Citrix Farms. The AAC performs an end point analysis on internal machines. If the machine is a member of the domain, it will be taken to one of the farms and can access certain applications. If the machine is not a member of the domain, it is taken to another set.
This is all working correctly.
Part 2: Now I want to plan for Disaster Recovery so I want to replicate Site 1 to another location. The data can be replicated via the SAN. I want (With minimum desruption) for users to be directed to the DR site in the event of something happening to site 1.
If you need any more clarification, please let me know. I am unsure how to achieve this but the Networking Team say they can control some of it if the Citrix servers can use Virtual IP but I am unsure which bits would need to. Any help appreciated.
Are you going to do Active/Active or Active/Passive on the locations. For example, everyone goes to site A as long as it is up and everyone goes to site B only if site A is down - or - everyone gets load balanced between site A and B and if one site isn't accessible those users now go to the other site?
I know various setup/configurations, but that doesn't mean there aren't alternatives.
First, is AAC a component of Access Gateway? I'm only familiar with Access Gateway running a service that can do end point analysis.
As for a VIP (Virtual IP), the only way I know how to use that is if the VIP is assigned to a network appliance (F5, Cisco Load Balancer, Netscaler/Access Gateway, etc.) in a pair for HA. That way the network appliance is HA because there are two (I think you can do Active/Passive and Active/Active, but I think you'll need to enable sticky bits) and they provide HA to your WIs (need at least two).
The rest of the farm components have HA built in or have recovery times. ZDC/XML multiple can be specified for HA. Datastore/License Server can be down for up to 30 days. I think the Datastore can be down longer, but I wouldn't advise longer then it takes to get it back up.
The design above is only for one location. Do you have a plan for how the clients resolve your AAC/Access Gateway or WIs. What I mean is that if DNS points to location A (http://citrix.company.com), and location A goes down then how do the users get directed to location B. Does your URL (http://citrix.company.com) DNS round robin or 3DNS between the two locations? Are you just goint to have your end users go to a different URL in case of a disaster?
A little more information on what you have or what you've planned thus far might help. If you want to make sure the URL is redundant then that adds more to the equation. If you're just going to "tell" users it is time to use the other URL (i.e. that points at the other location) then that's something else.
I think I've explained/asked enough for now. Let us know your thoughts and I/we will continue to expand.
I know various setup/configurations, but that doesn't mean there aren't alternatives.
First, is AAC a component of Access Gateway? I'm only familiar with Access Gateway running a service that can do end point analysis.
As for a VIP (Virtual IP), the only way I know how to use that is if the VIP is assigned to a network appliance (F5, Cisco Load Balancer, Netscaler/Access Gateway, etc.) in a pair for HA. That way the network appliance is HA because there are two (I think you can do Active/Passive and Active/Active, but I think you'll need to enable sticky bits) and they provide HA to your WIs (need at least two).
The rest of the farm components have HA built in or have recovery times. ZDC/XML multiple can be specified for HA. Datastore/License Server can be down for up to 30 days. I think the Datastore can be down longer, but I wouldn't advise longer then it takes to get it back up.
The design above is only for one location. Do you have a plan for how the clients resolve your AAC/Access Gateway or WIs. What I mean is that if DNS points to location A (http://citrix.company.com), and location A goes down then how do the users get directed to location B. Does your URL (http://citrix.company.com) DNS round robin or 3DNS between the two locations? Are you just goint to have your end users go to a different URL in case of a disaster?
A little more information on what you have or what you've planned thus far might help. If you want to make sure the URL is redundant then that adds more to the equation. If you're just going to "tell" users it is time to use the other URL (i.e. that points at the other location) then that's something else.
I think I've explained/asked enough for now. Let us know your thoughts and I/we will continue to expand.
ASKER
I want everyone to go to site A as long as it is up and go to site B if it is down.
The Advanced Access Server is the software bit which does the end point analysis scan and is normally used in conjunction with the Citrix Access Gateway hardware but in view of the fact we have a Cisco ASA I want to avoid having to purchase additional hardware if possible, if it is not then a CAG or Netscaler will be the way we have to go.
I would like the failover to be as seamless as possible so maybe we could round robin the URL but it is all a bit hazy at the minute so I am looking for any advice I can get.
At the moment we have the scenario above, i.e.
Part 1: I have 1 site which contains and Advanced Access Server, a Web Interface and 2 seperate Citrix Farms. The AAC performs an end point analysis on internal machines. If the machine is a member of the domain, it will be taken to one of the farms and can access certain applications. If the machine is not a member of the domain, it is taken to another set.
This is all working correctly.
The second part is purely at planning stage, we do not yet have the 2nd site configured in any way.
Thanks for your help.
The Advanced Access Server is the software bit which does the end point analysis scan and is normally used in conjunction with the Citrix Access Gateway hardware but in view of the fact we have a Cisco ASA I want to avoid having to purchase additional hardware if possible, if it is not then a CAG or Netscaler will be the way we have to go.
I would like the failover to be as seamless as possible so maybe we could round robin the URL but it is all a bit hazy at the minute so I am looking for any advice I can get.
At the moment we have the scenario above, i.e.
Part 1: I have 1 site which contains and Advanced Access Server, a Web Interface and 2 seperate Citrix Farms. The AAC performs an end point analysis on internal machines. If the machine is a member of the domain, it will be taken to one of the farms and can access certain applications. If the machine is not a member of the domain, it is taken to another set.
This is all working correctly.
The second part is purely at planning stage, we do not yet have the 2nd site configured in any way.
Thanks for your help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All the information you provided was at least helpful and more informative than what I myself knew.
Thanks for your assistance.
Thanks for your assistance.
So, I'll break it down this way. You have Site A and Site B. Obviously you need WIs (since that is the access connection to XenApp) in Site A and Site B.
Assuming the farms are active/active, you need to load balance between the WIs. This part might be too expensive/complicated, but I think (there may be other technologies) you'd need 3DNS to load balance. As for who goes where when both sites are active, I'm not sure with 3DNS.
I guess I need to understand what you mean by DR. Yes, I understand disaster recovery, but you state two things I need to clear up:
1. "Move users to the other sites", do you mean existing users or new users? I assume new users because in the case of DR existing users have probably lost their connections and cannot be resumed at another site (well I shouldn't say "can't" but that's another conversation).
2. XMLs (again) can't be share between two different farms. You could have 1 farm, but other questions come up if you tried to do that (ex. bandwith/latency between locations).
3. "failure or the XML server", I see no reason for failing users over to a DR farm if an XML server fails. You can specify multiple XML servers in a farms WI or us a load balancer with multiple.
It depends on HOW much high availibility you need. Maybe if you could expand on what "disaster" you're want to recover from (A site completely going offline, an XML server failing, a Datastore failing, a License server failing, etc.). If it isn't something besides a site, then there are ways within a site to provide HA.