jskfan
asked on
Load balancing Domain Controllers
I have never put domain controllers behind a load balancer, but I have heard that some environments put Domain Controllers behind a load balancer. I am not sure what the benefit of doing that is.
Thanks
ASKER
But still not clear.
If we have 10 DCs in one Active Directory site:
If User1 logs in to the domain, then based on what element will this user be authenticated by DC1 or DC7 or DC9?
The client will send out an LDAP ping during the location process; the DC that replies first to this ping will be the one that will be used to log into the domain... That's basically the gist, nothing special about it.
It all comes down to which DC replies the fastest.
You can read more about how the process works here, it's not recent but it will give you an idea on how it works.
ASKER
OK... so there is no such load balancing.
Any available DC will respond.
Usually, if you get authenticated by DC04, most of your future logins will be authenticated by DC04, probably until DC04 is rebooted... it remembers your credentials...
If that's the case, I believe implementing a load balancer will make sense; it will force each login to go to a separate DC.
Well, you're entitled to your opinion of course, I'm not convinced :-)
If you want to read up on it, here's a nice blog post someone wrote regarding load balancers and domain controllers.
We have some of our DCs behind a Citrix NetScaler to host a VIP for LDAP servers for various third-party applications.
@compdigit Yes, third-party apps using LDAP authentication, for sure; we have plenty of those using an F5 load balancer. But for regular clients?
ASKER
The scenario is that all DCs are in one AD site.
Would the authentication be load balanced between all DCs even without a load balancer in place?
If we are talking workstations/clients then yes, the DCs are "load balanced" on that site. If one DC should fail, a request would be broadcast by the client, and the first of the other DCs to respond is then the DC the client would use... This is of course high level, there's a little more to it.
ASKER
spravtek,
I guess you are talking about fault tolerance.
Load balancing means the load is distributed somewhat evenly between DCs.
If 100 users log in at the same time, then if we have 4 DCs, each 50 users should be authenticated by 1 DC.
I guess it is not possible without a load balancer.
Who's to say they will not be somewhat evenly dispersed over the DCs? It's not that 100 clients, in your example, will have the same DC when they send out a broadcast, I doubt it very much.
There's probably a way to test this :-)
ASKER
Do you think a client that is in the same subnet as DC1 will go to another subnet where DC2 is located and get authenticated?
We are talking about all DCs being in one Active Directory site.
ASKER
Thank you guys. I will come back to this topic later.
ASKER
I know when DCs are in different sites it is another story.