Two CSG+WI servers and Windows NLB

At the moment I have one CSG/WI server (CSG and WI on the same box). I'm planning to get an HA environment, and I'm planning to add a new box with the same configuration (CSG+WI) and add Microsoft NLB.

My environment is installed on Windows Server 2008. WI version is 5.2 and CSG is 3.1.

I have found many docs saying that WI should support MS NLB, but is it a supported environment to use NLB with Secure Gateway, and does anyone have experience with this? Does it work, and are there any problems that I should know about?
Asked by: thaapavuori
 
thaapavuori (Author) Commented:
I think that Citrix doesn't support hardware NLB with Secure Gateway either... Citrix is selling their own hardware solution for this purpose, but it's extremely expensive...

Timo
0
 
thaapavuori (Author) Commented:
Another thing I have been thinking about: many docs mention that I should have more than one NIC per server. If I have only one subnet, is there any reason to configure multiple NICs?
0
 
BLipman Commented:
There are a few issues with NLB to address.  First, how big is the broadcast domain?  If you are plugging these hosts into your LAN then you may have some serious port flooding issues unless you enable IGMP multicast.  If this is a DMZ with few other ports then flood away.  I have seen a bad NLB implementation slow down a Cisco Catalyst core switch and bring the network to a standstill with just 9 NLB servers.  
http://technet.microsoft.com/en-us/library/cc778263(WS.10).aspx

Here is some info on unicast vs multicast
http://technet.microsoft.com/en-us/library/cc782694(WS.10).aspx

I always recommend using a hardware load balancer unless you are confident you can implement IGMP multicast with NLB.  For about $2000 you can get a Barracuda or a Kemp unit
http://www.kemptechnologies.com/us/
These will clear up all of the issues with port flooding etc.  
0
 
Carl Webster Commented:
Citrix does not support CSG in an NLB setup.  BUT, I have several customers who are running dual CSG/WI servers, both physical and virtual, in an NLB setup with no issues.

CSG 3.2 was just released so you may want to look into that version for security updates to see if any apply to you.  CSG 3.1.3 had several security and setup fixes in it.
0
 
thaapavuori (Author) Commented:
Okay, thanks. I have been thinking about whether I should try this if Citrix doesn't support it. I don't see any reason why it wouldn't work, but who knows...

These CSG servers are in the LAN (not in a DMZ) and there are fewer than 50 machines (most of them are servers). Our HP switch should support multicast, but I'm not very familiar with that. So I need to find out more about this unicast/multicast issue. Thanks anyway for this and for the links as well.

Thanks
0
 
BLipman Commented:
One thing you must guarantee is affinity/sticky.  If a traffic 'flow' hits one CSG, it must stay on that CSG for the duration of the session.  If your LB mechanism swings it to the second server during a session the SSL keys won't match (among other issues) and the packets will drop.  
I am sure there are other possible issues (maybe in those links CW posted).  What you can do is call up Barracuda, ask for a 30 day demo of a 340 model load balancer, test it out.  Or try NLB but I always recommend hardware.  
0
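
Added example (not part of any post in this thread): a small Python model of the affinity requirement described above, using the three NLB port-rule affinity modes (None, Single, Network). The host names, the client addresses, and the SHA-256 hash are assumptions for illustration; NLB's real distribution algorithm is different, but the choice of which packet fields feed the hash is the point.

```python
import hashlib
import ipaddress

HOSTS = ["CSG1", "CSG2"]  # assumed names for the two CSG+WI boxes


def affinity_key(src_ip, src_port, mode):
    """Return the part of the connection that the balancer hashes on."""
    if mode == "none":       # source IP + source port: every new TCP connection may move
        return f"{src_ip}:{src_port}"
    if mode == "single":     # source IP only: one client always lands on one host
        return src_ip
    if mode == "network":    # /24 of the source: a proxy farm stays together
        net = ipaddress.ip_network(f"{src_ip}/24", strict=False)
        return str(net.network_address)
    raise ValueError(f"unknown affinity mode: {mode}")


def pick_host(src_ip, src_port, mode, hosts=HOSTS):
    """Stand-in distribution function (not NLB's real algorithm)."""
    digest = hashlib.sha256(affinity_key(src_ip, src_port, mode).encode()).digest()
    return hosts[int.from_bytes(digest[:4], "big") % len(hosts)]


def hosts_seen(connections, mode):
    """Set of hosts that a list of (src_ip, src_port) connections is spread over."""
    return {pick_host(ip, port, mode) for ip, port in connections}


# Constructed sample traffic (documentation address range 203.0.113.0/24).
# One client opening 200 connections from different ephemeral ports:
ONE_CLIENT = [("203.0.113.10", 49152 + i) for i in range(200)]
# One user session leaving through 200 different proxy addresses in the same /24:
PROXY_FARM = [(f"203.0.113.{i}", 50000) for i in range(1, 201)]


def report():
    """Number of CSG hosts each traffic pattern touches, per affinity mode."""
    return {
        (name, mode): len(hosts_seen(conns, mode))
        for name, conns in (("one_client", ONE_CLIENT), ("proxy_farm", PROXY_FARM))
        for mode in ("none", "single", "network")
    }


if __name__ == "__main__":
    for (name, mode), count in sorted(report().items()):
        state = "session stays on one CSG" if count == 1 else "session is split across CSGs"
        print(f"{name:11s} affinity={mode:8s} hosts={count}  {state}")
```

Any row that reports more than one host is a session whose TLS state lives on a server the next connection will not reach, which is the failure described in the post above.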
 
Carl Webster Commented:
I also don't recommend trying to implement something the vendor does not support.
0