Two CSG+WI servers and Windows NLB

At the moment I have one CSG/WI server (CSG and WI on the same box). I'm planning to build an HA environment, and I'm planning to add a new box with the same configuration (CSG+WI) and add Microsoft NLB.

My environment is installed on Windows Server 2008. WI version is 5.2 and CSG is 3.1.

I have found many docs saying that WI should support MS NLB, but is it a supported environment to use NLB with Secure Gateway, and does anyone have experience with this? Does it work, and are there any problems that I should know about?
thaapavuori Asked:

thaapavuori (Author) Commented:
Another thing I have been thinking about is that many docs mention that I should have more than one NIC per server. If I have only one subnet, is there any reason to configure multiple NICs?

BLipman Commented:
There are a few issues with NLB to address.  First, how big is the broadcast domain?  If you are plugging these hosts into your LAN then you may have some serious port flooding issues unless you enable IGMP multicast.  If this is a DMZ with few other ports then flood away.  I have seen a bad NLB implementation slow down a Cisco Catalyst core switch and bring the network to a standstill with just 9 NLB servers.  
http://technet.microsoft.com/en-us/library/cc778263(WS.10).aspx

Here is some info on unicast vs multicast
http://technet.microsoft.com/en-us/library/cc782694(WS.10).aspx

I always recommend using a hardware load balancer unless you are confident you can implement IGMP multicast with NLB.  For about $2000 you can get a Barracuda or a Kemp unit
http://www.kemptechnologies.com/us/
These will clear up all of the issues with port flooding etc.

Carl Webster Commented:
Citrix does not support CSG in an NLB setup.  BUT, I have several customers who are running dual CSG/WI servers, both physical and virtual, in an NLB setup with no issues.

CSG 3.2 was just released so you may want to look into that version for security updates to see if any apply to you.  CSG 3.1.3 had several security and setup fixes in it.

thaapavuori (Author) Commented:
Okay, thanks. I have been wondering whether I should try this if Citrix doesn't support it. I don't see any reason why it wouldn't work, but who knows...

These CSG servers are on the LAN (not in a DMZ) and there are fewer than 50 machines (most of them are servers). Our HP switch should support multicast, but I'm not very familiar with that, so I need to find out more about this unicast/multicast issue. Thanks anyway for this and for the links as well.

Thanks

BLipman Commented:
One thing you must guarantee is affinity/sticky.  If a traffic 'flow' hits one CSG, it must stay on that CSG for the duration of the session.  If your LB mechanism swings it to the second server during a session the SSL keys won't match (among other issues) and the packets will drop.  
I am sure there are other possible issues (maybe in those links CW posted).  What you can do is call up Barracuda, ask for a 30 day demo of a 340 model load balancer, test it out.  Or try NLB but I always recommend hardware.

Carl Webster Commented:
I also don't recommend trying to implement something the vendor does not support.

thaapavuori (Author) Commented:
I think that Citrix doesn't support hardware NLB with Secure Gateway either... Citrix is selling their own hardware solution for this purpose, but it's extremely expensive...

Timo