Solved

Netscaler 10 Load Balance IIS 7 Web Services

Posted on 2014-11-20
Last Modified: 2016-10-25
I want to make sure I am doing everything correctly.

I have been asked to load balance to IIS 7 standalone web servers. I have already set up the DNS A record, Netscaler services etc...

But when I went to access the new IIS site via the URL I got the default page.

I noticed the following on the web servers which I do not manage.
1) They do not have a binding on the site to include the new VIP name
2) They do not use the main default site but a nested directory, for example site.com/home/site.asp

Item number one would need to be corrected before I go any further, correct?
Question by:compdigit44

Expert Comment

by: Dan McFadden
I'll assume that you have a setup something like this:

External (Internet available) IP:
- 123.100.100.10 resolves to www.site.com

Internal IPs:
- 10.100.100.11
- 10.100.100.12

In IIS, the website should exist on both servers and the sites should be bound to the IPs that are to be used.  Do not use "All Unassigned."  I've found it better to have a dedicated IP per website when running a load balancer in front of your web farm.  You could implement LB with web servers that use 1 IP and Host Headers, but that may make the configuration of the virtual server on the Netscaler a bit more complicated.

How to verify functionality:
1. test internal access to each website by hitting the IP addresses directly from inside your network, using the required URL.
2. test access to the public internet URL

If #1 doesn't function, #2 won't either.

Dan

Author Comment

by: compdigit44
Thanks for the reply. It sounds like I am on the right track then, that both IIS servers would need to have the new VIP DNS name bound to both sites, correct?

Expert Comment

by: Dan McFadden
Not quite sure what you mean.  The VIP sits on the LB.  You update your public DNS Server(s) to point your website's host name to that IP address.

On the IIS servers, you just need to make sure that the website is directly assigned an IP address in its binding configuration.  These will be private (inside) IPs, they will not be directly accessible by users that access the website from the Internet.

There should only be a firewall rule that allows http/https traffic to the public (routable) IP of the LB for the server group associated with the 2 IIS servers (the server farm).  If you use SSL, the SSL certificate needs to be installed on the LB and the server group needs to be configured to allow https.

So, on LB:
1. VIP = 123.100.100.10
2. Public DNS points 123.100.100.10 to www.site.com
3. Server group directs traffic for www.site.com to the inside IP addresses of the 2 IIS servers

In this scenario, the LB looks like the website to the Internet users, and the LB looks like the client to the IIS servers.

Dan

Author Comment

by: compdigit44
I guess what I am trying to say is that the web servers only have their default binding and respond when a user types in the host name of the server and not the intended name. This is why I thought I needed a binding.

Expert Comment

by: Dan McFadden
OK, maybe I'm missing something about your question.  So let me recap...

"the web servers only have their default binding"

Does this mean you cannot reconfigure (or have it reconfigured) to bind to a non-default configuration?  Leaving the website bound to the "All Unassigned" default binding will potentially cause an issue.  I recommend you work with someone to reconfigure the website as I mentioned above.

"respond when a user types in the host name of the server and not the intended name"

I'm not sure what "intended name" means.  If a user types www.site.com, that is what they intended to do.  When using a Netscaler for load balancing, you are putting a device in front of the actual web servers that will be known to the Internet as the website host name (i.e.:  www.site.com).  This device will accept connections to the www.site.com name and then, behind the scenes, send the request to one of the servers configured in the server group for that VIP.

So an Internet user will request, http://www.site.com/home/site.asp, the LB will send a request to, http://<OneOfYourServersInternalServers>/home/site.asp

"This is why I thought I needed a binding"

A binding for what?  A DNS entry for the Netscaler VIP?


Dan

Author Comment

by: compdigit44
Thanks, I understand how the Netscaler redirects users to a server in the backend, but both servers running this site are standalone and DO NOT respond to the same name. So the only way I can get this to work in its current config is to have the redirect point to one of the servers directly, which defeats the purpose of the load balancer...

I hope this makes sense what I am trying to say and sorry for the poor explanation.

Accepted Solution

by: Dan McFadden
I'm not sure you understand what it is you need to do to the web servers.

You need to have the website you want to load balance, installed and configured on BOTH IIS Servers!  They do not have to respond to the same website host name.  The LB will respond to the website's host name, the IIS servers need to respond to a request, from the LB, for the website... so the site must be running on both servers.

The http request sequence will look like this (simplified version, not exactly technical):

1. user enters the website's URL into their browser. They type = http://www.site.com/home/site.asp
2. their computer resolves www.site.com to the VIP on the Netscaler
3. the browser sends a request to Netscaler VIP for http://www.site.com/home/site.asp
4. Netscaler checks the availability of web servers configured in server group
5. based on the load balancing configuration, sends an http request to either one of the IIS Servers in group
5a. http request sent to IIS Server:  http://<serverIpAddress>/home/site.asp
6. IIS Server responds to the Netscaler with the requested page content
7. Netscaler sends the page content it got from the IIS Server that responded, to the user that made the request
8. user browser displays page in browser

So you see, if you have 2 IIS Servers in a load balancing group on the Netscaler, both of those IIS Servers need to have the webpages (code) for the website, installed and functioning on it.

I hope this helps you understand what it is that you need to do.

Dan

Author Comment

by: compdigit44
The problem is I did not set up the web server nor do I manage it. I am trying to advise the person in our company who oversees this server on what needs to be done.

Right now both web servers run the application's web service BUT respond to two different names, for example: http://server1 and http://server2. Also the web application does not use the default site but a site created by the application, so when users access the page they go to:

http://server1/site/login.aspx

On the Netscaler I already created the VIP and DNS name they want both servers to respond to. The problem is when users type in the VIP name it brings them to the default IIS 7 page. "I" figured this was because either site on both servers does not know to respond to the VIP name?

Expert Comment

by: Dan McFadden
OK, so if I understand correctly:

- There are 2 web servers:
1. server1
2. server2

- Each web server has the site setup, configured and confirmed to be working.
- The default site is not used. (this is a good thing!)
- The Default site is active. (this is a bad thing!)

The fact that the servers have different names is expected and can be no other way.  If they both have the website running properly on them and all functionality is running as expected, then the issue exists in how the server group (load balancing group) is configured or how the sites have their bindings set up.

Q1:  My questions are (as asked in posts above) are the sites on the 2 web servers bound to the "All Unassigned" address or using a statically assigned IP address?

I believe I have described what needs to be done to the site configurations on both servers, in my first post.

I have deployed, into Test and Production environments, Netscalers supporting more than 70 servers and 40 web farms (server groups) using the described configuration and processes.

Dan

Author Comment

by: compdigit44
Dan, thank you for your reply. As you can see I am not the best at IIS and Citrix but am trying and appreciate your patience.

I will do my best to answer your question(s)

- On both webservers under bindings only the default bindings are present and all are bound to "All unassigned". There are no bindings present that would make the site respond to the name web.company.com. They would only respond to a Http request using their server name http://server1.company.com..

This is the part that is messing me up. The Netscaler is set up, or I tried to set it up, to have a VIP name of web.company.com which lists the http service for both servers. I only thought a binding would be needed since the Netscaler in RoundRobin passes the request to either server in the backend, so both servers would need to be able to respond to the http request name somehow.

Expert Comment

by: Dan McFadden
In IIS you have to choose an IP address for a binding.  That IP address does not need to be the IP of the website on the Netscaler, just choose an IP address other than "All Unassigned."

Your binding should look something like this:

[Image: Example of binding an IP address to a website in IIS (Add/Edit a Binding in IIS)]

Each IIS Server will have a unique IP address binding, as in the example in my first post.  These 2 unique IP addresses will be the internal IP addresses that you use when configuring the load balancing group (server group) on the Netscaler.  On the Netscaler, the VIP is the IP address that people can see on the Internet.  This is the IP address that has a DNS entry made available for the URL Host Name that the website operates under... i.e.: www.site.com.

Again, this is stated in the first post on your question.

Dan

Author Comment

by: compdigit44
I thought about this some more and think I understand why this is a problem for me.

The users need to be redirected to a page like http://server.company.com/login/home.aspx

So when they type in the VIP name it redirects them to the main page and not the sub site, which is why they are getting the IIS 7 page. So under redirect I added the full path users should be redirected to, http://server.company.com/login/home.aspx, using the VIP name and still got the same IIS 7 page, so maybe my redirect is not set up properly.

Expert Comment

by: Dan McFadden
If you are getting the default website when using the load balancer, you are going to the wrong destination.  Adding a redirect is probably necessary, but first you need to be hitting the proper website.

Here is a test:
1. on each server, create a test.html page (in the root of the website, not the actual application location) that has the server name in the content of the page.
2. access the website thru the load balancer.
3. if your load balancer is set up correctly, you should be able to see the content of the page switch between server name 1 and server name 2.  You may have to clear your browser cache to see the results.

If this works, your server group is configured correctly.

The next test is to enter the URL that leads into the web application:  http://www.site.com/login/home.aspx.  If that works, then setting up a redirect is the next step.

Dan
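
The checks described in this thread (each backend by its inside IP, then test.html and the application URL through the load balancer), scripted as an added example that is not part of the original posts. The function names are hypothetical, the addresses are the illustrative ones from the first reply, and it assumes test.html contains only the server's name and that the load balancer passes the client's Host header through to the backend.

```python
import urllib.error
import urllib.request
from collections import Counter

def http_get(url, host=None, timeout=5):
    """GET url and return (status, body); host overrides the Host header."""
    req = urllib.request.Request(url, headers={"Host": host} if host else {})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""          # server answered, but with an error status
    except OSError:
        return 0, ""                 # no answer at all (refused, timeout, DNS)

def check_farm(vip_url, backends, site_host, test_path="/test.html",
               app_path="/login/home.aspx", tries=10, fetch=http_get):
    """Run the thread's checks; test.html must hold only the server's name."""
    report = {"direct": {}, "via_lb": Counter()}
    # 1. Each backend by its inside IP, with the Host header the LB would send.
    for ip in backends:
        status, body = fetch(f"http://{ip}{test_path}", site_host)
        report["direct"][ip] = (status, body.strip())
    # 2. The same page through the VIP: the marker should rotate.
    for _ in range(tries):
        status, body = fetch(vip_url + test_path)
        report["via_lb"][body.strip() if status == 200 else f"HTTP {status}"] += 1
    # 3. The deep URL that leads into the web application.
    report["app_status"] = fetch(vip_url + app_path)[0]
    markers = {b for s, b in report["direct"].values() if s == 200}
    report["balanced"] = (len(markers) == len(backends)
                          and markers <= set(report["via_lb"]))
    return report

if __name__ == "__main__":
    # Constructed stand-in for the network so the example runs offline:
    # two backends, and a VIP that alternates between them.
    pages = {"10.100.100.11": "server1", "10.100.100.12": "server2"}
    turn = iter(range(10**6))
    def fake_fetch(url, host=None):
        for ip, name in pages.items():
            if url.startswith(f"http://{ip}/"):
                return 200, name
        if url.endswith("/test.html"):
            return 200, list(pages.values())[next(turn) % 2]
        return 200, "<html>login form</html>"
    print(check_farm("http://www.site.com", list(pages), "www.site.com",
                     tries=6, fetch=fake_fetch))
```

With persistence enabled on the virtual server, one client can see the same server name on every request, so a false `balanced` is a prompt to check that setting before the server group.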

Author Comment

by: compdigit44
Here are my results

1- was able to access the test html file on the default site

2- was able to access the test html file on the default site going through the netscaler

When I try to type in a redirect using the VIP name is where things break. It does work though if I do not use the VIP name in the redirect but the name of one of the servers.

Author Comment

by: compdigit44
I have been reading that some people have used a responder or rewrite policy to redirect users to a URL on 2 different backend servers...

Basically there seem to be multiple ways to get this done... Since I am not strong on the Netscaler, that is why I was going to add a new binding to both back end servers so they both can respond to server.company.com, then in the redirect space type in server.company.com/login/local.apx...

Does this sound that crazy?

Expert Comment

by: Dan McFadden
The URL redirect can be done on the IIS Server.

If the websites are responding to the test.html, on both servers, then there is no issue with bindings and the Netscaler load balancing group appears to function. The issue now sits with automatically redirecting people from the URL http://www.site.com/ to http://www.site.com/login/local.aspx.

This is nothing more than a redirect on each web server.

Dan

Expert Comment

by: Dan McFadden
Can you access the URL: http://www.site.com/login/local.aspx, or whatever it is, thru the load balancer?

Dan

Author Comment

by: compdigit44
Thank you for sticking with me on this. I have been doing a lot of reading on this and decided to start from the beginning again and change my approach.

1) The Netscaler is smart enough to handle redirecting clients without having to add a binding to the web servers. With this in mind I am now trying to create a redirect policy to point users from server.company.com to server.company.com/home/login.apsx.

When I try to create a new redirect action and copy and paste my new URL I get an expression syntax error..

Thank you for making me stop and think about this more

Author Comment

by: compdigit44
I figured it out and was able to get this to work with a Rewrite policy. Thank you for everything, I learned a lot.