I’m aware that Citrix has the public KB:
How to Configure Windows Network Load Balancing and Web Interface
http://support.citrix.com/article/CTX108812
… available but I noticed that the KB references Windows Server 2008 R2. Since my environment consists of Windows Server 2008 R2, I went ahead and tried to search for a KB that showed how to configure NLB with Windows Server 2008 R2 but wasn’t able to find one. I’ve done several NLBs in the past so rather than calling Citrix to ask, I just went ahead and configured it. The following demonstrates what the process looks like.
Start by logging onto both of your Citrix Web Interface servers, open Server Manager, navigate to the Features node and click on Add Features:
Continue and check the Network Load Balancing feature to install NLB:
Once the Network Load Balancing feature is installed, open up the Network Load Balancing Manager from the Administrative Tools folder:
Once you’re in the Network Load Balancing Manager console, click on the Cluster folder and select New:
Continue by adding the IP or name of your first Web Interface server:
Click the Connect button after you’ve entered the IP or name:
You should see the status Connected under the Connection status heading:
Proceed by clicking Next and you’ll be asked to assign a priority, which is also a unique host identifier. The dedicated IP address should be automatically entered for you as your server should be single homed (1 NIC):
Proceeding to the next screen will bring you to the New Cluster: Cluster IP Addresses window. Click on the Add button:
In the Add IP Address window, proceed with entering your VIP (Virtual IP Address):
Once you’ve entered the VIP for the NLB cluster, you should see it listed in the New Cluster: Cluster IP Addresses window:
Proceeding to the next screen will allow you to select the cluster’s IP address and enter the Full Internet name which is what you’ve decided to use for your DNS name:
It’s important to note that we’ll be using Multicast mode for the cluster’s operation mode and rather than trying to explain it myself, refer to the following article if you want to know the difference between Unicast and Multicast:
http://technet.microsoft.com/en-us/library/cc782694(v=ws.10).aspx
Note that because we’re using multicast mode for this cluster, you’ll need to ask your network engineer to create a static ARP entry on the layer 3 device with the MAC address listed below in the Network address field:
Proceeding on to the next screen will allow you to edit the port rules. As best practice, you should lock down Web Interface servers by only allowing ports 80 and 443 to limit the attack surface:
I won’t go into this but what you need to do is remove the port rule that covers 0 to 65535 and add 2 separate port rules (one for 80 and one for 443) in the window above.
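The same port rule lockdown can be scripted on an existing cluster with the NLB PowerShell cmdlets that ship with Windows Server 2008 R2; this is an added example, not part of the original walkthrough or the Citrix KB. It goes one step further than the two rules above: NLB hands traffic on ports not covered by any rule to the default host (the node with the highest priority) instead of dropping it, so the remaining ranges are covered with Disabled rules. The interface name is an assumption and must match the NIC bound to NLB on your server.

```powershell
# Added example: run in an elevated PowerShell session on one cluster node
# after the cluster has been created.
Import-Module NetworkLoadBalancingClusters

# Assumption: name of the NIC bound to NLB on this node.
$nic = 'Local Area Connection'

# Remove every existing rule, including the default rule covering 0-65535.
Get-NlbClusterPortRule -InterfaceName $nic |
    Remove-NlbClusterPortRule -Force

# Load balance only the two Web Interface ports across all nodes.
# Protocol Both matches what the port rule dialog in the GUI offers by default.
foreach ($port in 80, 443) {
    Add-NlbClusterPortRule -InterfaceName $nic `
        -StartPort $port -EndPort $port `
        -Protocol Both -Mode Multiple | Out-Null
}

# Ports with no rule are not blocked: NLB sends that traffic to the default
# host. Disabled rules make the cluster drop it instead.
$blockedRanges = @(
    @{ Start = 0;   End = 79 },
    @{ Start = 81;  End = 442 },
    @{ Start = 444; End = 65535 }
)
foreach ($range in $blockedRanges) {
    Add-NlbClusterPortRule -InterfaceName $nic `
        -StartPort $range.Start -EndPort $range.End `
        -Protocol Both -Mode Disabled | Out-Null
}

# Review the result: expect five rules, two load balanced and three disabled.
Get-NlbClusterPortRule -InterfaceName $nic
```

Port rules only filter traffic addressed to the cluster VIP; traffic sent to each server's dedicated IP address still has to be restricted with the host firewall.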
Once you’ve clicked the Finish button, the cluster will be created. A successful cluster creation in Network Load Balancing Manager will look something like the following:
Now that we have our first web interface server added, proceed with adding the second web interface server by clicking on Cluster then Add Host:
Proceed with adding the IP or name of the second web interface server as you did with the first one:
Assign a priority and ensure the dedicated IP address is correct:
Configure the appropriate ports:
Complete the configuration and you’ll see the second node being added:
Upon completion of the convergence, you’ll see something similar to the following:
This completes the configuration but make sure you ask your network engineer to create a static ARP entry on the layer 3 device with the MAC address of the cluster (mapped to the VIP). To retrieve that MAC address, right-click on the cluster and click on Cluster Properties:
Within the cluster’s properties:
… click on the Cluster Parameters tab to get the MAC address of the cluster:
Note that your web interface’s NIC’s MAC address does not change:
Also note that NLB only protects you against a server going down, not against failures at the service level.