Difference between revisions of "How to configure NLB for Windows Server"
The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.
(13 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
</div> | </div> | ||
+ | |||
+ | For cluster operation, a network load balancer is required. | ||
+ | |||
+ | It is strongly advised to use Microsoft Network Load Balancer since only the Microsoft Load Balancing (NLB) full functionality is currently supported. | ||
+ | |||
+ | Although by default disabled, it is strongly advised to have NLB Tracing turned on at all times,thus keeping the trace open for troubleshooting possible NLB errors. | ||
+ | |||
+ | Please refer to the official Microsoft Portal for further info. | ||
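Review bot: The added sentence on NLB Tracing says it should be turned on at all times but gives no step for enabling it, and "the official Microsoft Portal" is named without a link; add the enabling procedure or a direct link next to that sentence. In the same added lines, "times,thus" is missing a space, and "only the Microsoft Load Balancing (NLB) full functionality" reads better as "only the full functionality of Microsoft Network Load Balancing (NLB)".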
Line 28: | Line 36: | ||
In order to configure the Network Load Balancer, proceed with the following steps : | In order to configure the Network Load Balancer, proceed with the following steps : | ||
− | 1. On one of the node machines, call '''Start''' > '''Administrative Tools''' > '''Network Load Balancer Manager'''. Thereby, the service is activated on all node machines, which is necessary for cluster operation. | + | 1. On one of the node machines, call '''Start''' > '''Administrative Tools''' > '''Network Load Balancer Manager'''. |
+ | |||
+ | Thereby, the service is activated on all node machines, which is necessary for cluster operation. | ||
2. A tripartite configuration screen opens. To build a new cluster, go to '''Cluster''' > '''New''' in the menu or use the right-hand mouse key to call the context menu and select '''New Cluster'''. | 2. A tripartite configuration screen opens. To build a new cluster, go to '''Cluster''' > '''New''' in the menu or use the right-hand mouse key to call the context menu and select '''New Cluster'''. | ||
− | '''NOTE: | + | '''NOTE: When members of the NLB cluster are running on different ESXi / ESX hosts,you need to be sure that the network used for the NLB is different from the one used for communication between the cluster members (or any other VMs) that are in different ESXi hosts.''' |
3. In the '''New Cluster: Connect''' screen, in the '''Host''' field, enter the IP address of the first node machine.Click on '''Connect'''. | 3. In the '''New Cluster: Connect''' screen, in the '''Host''' field, enter the IP address of the first node machine.Click on '''Connect'''. | ||
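Review bot: The new NOTE in step 2 requires that the NLB network differ from the one used between cluster members on different ESXi hosts, but it does not say how to verify this; a sentence on what to check would make the requirement actionable. In the same line, "hosts,you" is missing a space, and "ESXi / ESX" should be written consistently with the later "ESXi hosts".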
Line 47: | Line 57: | ||
Under '''New Cluster: Cluster IP Addresses''', the address of the cluster appears.Click '''Next'''. | Under '''New Cluster: Cluster IP Addresses''', the address of the cluster appears.Click '''Next'''. | ||
− | The cluster shall be reachable via DNS name, enter it in '''Full Internet name''', e. g. cluster.domain.com. In the field '''Cluster operation mode''', select '''Unicast'''. With this setting, all network interfaces in the outer network will be assigned the same MAC address. Thus, inbound data packets are initially received by all node machines and then filtered by the network load balancer. | + | The cluster shall be reachable via DNS name, enter it in '''Full Internet name''', e. g. cluster.domain.com. In the field '''Cluster operation mode''', select '''Unicast'''. |
+ | |||
+ | With this setting, all network interfaces in the outer network will be assigned the same MAC address. Thus, inbound data packets are initially received by all node machines and then filtered by the network load balancer. | ||
+ | |||
+ | 7. In the '''New Cluster: Port Rules''' screen, you set the rules for those ports over which the DLS cluster communicates with the outside world. In case there are some port rules already, remove these with '''Remove'''.[[File:Example.jpg]] | ||
+ | |||
+ | Click on '''Add'''. | ||
+ | |||
+ | 8. The dialog window '''Add/Edit Port Rule''' opens. Enter the parameters for the ports resp. port ranges, as appropriate. Under '''Cluster IP address''', enter '''All''' in order to assign the rule to all IP addresses within the cluster. Under '''Affinity''', select '''None'''. With this setting, it is possible that consecutive requests from one and the same IP address are handled by different nodes. Thus it is ensured that the loads are distributed equally. The following screenshot shows the settings for the ports 10443 and 10444. | ||
+ | |||
+ | [[File:Example1.jpg]] | ||
+ | |||
+ | 9. Enter the rules for the remaining ports, as described in steps 7 and 8. In the following, the ports elementary for the DLS are listed (please refer to the Security Checklist Planning Guide documentation for a complete list of all DLS ports). | ||
+ | |||
+ | * 10443: Receives data from the graphical user interface, that is, from the web browser, when HTTPS is used. | ||
+ | |||
+ | * 10444: Receives data over HTTPS from the DlsAPI, which is the web service interface of the DLS. | ||
+ | |||
+ | * 18080: Receives data from the graphical user interface, that is, from the web browser, when HTTP is used. | ||
+ | |||
+ | * 18443: Receives data from the end devices (HTTP and HTTPS). | ||
+ | |||
+ | * 18444: Receives data from the end devices when a secure connection between DLS and end device is established (secure mode). | ||
+ | |||
+ | 10. When you have entered all port rules, click on '''Finish'''. | ||
+ | |||
+ | [[File:Example2.jpg]] | ||
+ | |||
+ | 11. For the next as well as for all further node machines, if applicable, proceed in the same way as for the first node machine. |
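Review bot: The image links added in steps 7, 8 and 10 use the placeholder names Example.jpg, Example1.jpg and Example2.jpg, and step 8 relies on "the following screenshot" for the 10443 and 10444 settings; upload the screenshots under descriptive names and state the port range in the text so the step works without the image. The Unicast explanation split off from step 6 now sits as an unnumbered paragraph directly before step 7 and should be indented under step 6. The port list includes 18080 for the GUI over HTTP, so it is worth saying whether that rule is still needed when only HTTPS is used.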
Latest revision as of 09:03, 4 June 2018
For cluster operation, a network load balancer is required.
It is strongly advised to use Microsoft Network Load Balancer, since only the full functionality of Microsoft Network Load Balancing (NLB) is currently supported.
Although it is disabled by default, it is strongly advised to keep NLB Tracing turned on at all times, so that the trace is available for troubleshooting possible NLB errors.
Please refer to the official Microsoft Portal for further info.
How to install the Network Load Balancer
If the Network Load Balancer is not pre-installed on the system:
1. Open Server Manager. In the Windows Start Menu, select Start > Programs > Administrative Tools > Server Manager.
2. Click on Features in the left-hand tree. Click Add Features to start the Add Features Wizard.
3. Select the Network Load Balancing checkbox. Click Next.
4. Proceed with the installation until you see the final screen.
5. Click on Finish.
The installation is complete.
Note: The Network Load Balancer should be installed and activated on all DLS nodes.
NLB configuration
To configure the Network Load Balancer, proceed with the following steps:
1. On one of the node machines, open Start > Administrative Tools > Network Load Balancer Manager.
This activates the service on all node machines, which is necessary for cluster operation.
2. A three-part configuration screen opens. To build a new cluster, go to Cluster > New in the menu, or right-click to open the context menu and select New Cluster.
NOTE: When members of the NLB cluster are running on different ESXi / ESX hosts, you need to make sure that the network used for the NLB is different from the one used for communication between the cluster members (or any other VMs) that are on different ESXi hosts.
3. In the New Cluster: Connect screen, in the Host field, enter the IP address of the first node machine. Click on Connect.
4. You are now in the New Cluster: Host Parameters screen. The Priority field shows a pre-defined value, which is merely a running number and does not imply a prioritization. The IP address field contains the IP address of the network interface.
When all values are correct, click on Finish. The process of adding a node to the cluster may take 1-2 minutes.
5. In the New Cluster: Cluster IP Addresses screen, the common addresses of the cluster are provided. Click on Add.
6. In the dialog window Add IP Address, in IPv4 address, enter the IP address at which the cluster shall be reachable. In the Subnet mask field, enter the corresponding subnet mask.
Under New Cluster: Cluster IP Addresses, the address of the cluster appears. Click Next.
For the cluster to be reachable via DNS name, enter that name in Full Internet name, e.g. cluster.domain.com. In the field Cluster operation mode, select Unicast.
With this setting, all network interfaces in the outer network will be assigned the same MAC address. Thus, inbound data packets are initially received by all node machines and then filtered by the network load balancer.
7. In the New Cluster: Port Rules screen, you set the rules for those ports over which the DLS cluster communicates with the outside world. If there are already some port rules, remove them with Remove.
Click on Add.
8. The dialog window Add/Edit Port Rule opens. Enter the parameters for the ports or port ranges, as appropriate. Under Cluster IP address, enter All in order to assign the rule to all IP addresses within the cluster. Under Affinity, select None. With this setting, consecutive requests from one and the same IP address may be handled by different nodes, which ensures that the load is distributed equally. The following screenshot shows the settings for the ports 10443 and 10444.
9. Enter the rules for the remaining ports, as described in steps 7 and 8. The ports essential for the DLS are listed below (please refer to the Security Checklist Planning Guide documentation for a complete list of all DLS ports).
- 10443: Receives data from the graphical user interface, that is, from the web browser, when HTTPS is used.
- 10444: Receives data over HTTPS from the DlsAPI, which is the web service interface of the DLS.
- 18080: Receives data from the graphical user interface, that is, from the web browser, when HTTP is used.
- 18443: Receives data from the end devices (HTTP and HTTPS).
- 18444: Receives data from the end devices when a secure connection between DLS and end device is established (secure mode).
10. When you have entered all port rules, click on Finish.
11. For the next as well as for all further node machines, if applicable, proceed in the same way as for the first node machine.
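The same configuration can be scripted with the NetworkLoadBalancingClusters PowerShell module, so that the rule set contains exactly the DLS ports listed in step 9 and nothing left over from the default rule. This is an added example, not part of the original wiki page; the interface name, IP address, subnet mask and node name are placeholders, and the use of TCP for all rules is an assumption based on the ports carrying HTTP/HTTPS.

```powershell
# Added example: scripted equivalent of steps 3-11, run on the first node.
# All values below are placeholders; replace them with your own.
Import-Module NetworkLoadBalancingClusters

$InterfaceName = 'Ethernet'            # placeholder: NIC on the outer network
$ClusterIP     = '192.0.2.10'          # placeholder address (documentation range)
$SubnetMask    = '255.255.255.0'       # placeholder
$ClusterName   = 'cluster.domain.com'  # "Full Internet name" from step 6
$OtherNodes    = @('dls-node2')        # placeholder names of further node machines

# DLS ports from step 9. 10443-10444 share one rule, as in step 8.
# Protocol TCP is an assumption (the page only names HTTP and HTTPS).
$PortRanges = @(
    @{ Start = 10443; End = 10444 },
    @{ Start = 18080; End = 18080 },
    @{ Start = 18443; End = 18443 },
    @{ Start = 18444; End = 18444 }
)

# Steps 3-6: create the cluster on this node in Unicast mode.
New-NlbCluster -InterfaceName $InterfaceName `
               -ClusterPrimaryIP $ClusterIP `
               -SubnetMask $SubnetMask `
               -ClusterName $ClusterName `
               -OperationMode Unicast | Out-Null

# Step 7: remove the port rules that exist already (a new cluster starts
# with a default rule), so only the rules added below remain.
Get-NlbClusterPortRule | Remove-NlbClusterPortRule -Force

# Steps 8-9: one rule per range, all cluster IP addresses, Affinity None.
foreach ($range in $PortRanges) {
    Add-NlbClusterPortRule -InterfaceName $InterfaceName `
                           -StartPort $range.Start -EndPort $range.End `
                           -Protocol Tcp -Mode Multiple -Affinity None | Out-Null
}

# Step 11: join the remaining node machines to the cluster.
foreach ($node in $OtherNodes) {
    Get-NlbCluster | Add-NlbClusterNode -NewNodeName $node `
                                        -NewNodeInterface $InterfaceName | Out-Null
}

# Review the result: the rule list should show only the DLS port ranges.
Get-NlbClusterPortRule
Get-NlbClusterNode
```

Comparing the final `Get-NlbClusterPortRule` output against the port list in step 9 is a quick way to confirm that no unintended port range is being load-balanced.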