CourseTranscript

WindowsServer2012R2NetworkLoad Balancing
LearningObjective Aftercompletingthistopic,youshouldbeableto determinethemostsuit
odetoconfigureinagivenscenario
1.Meetyourinstructor MicrosoftWindowsServer2012R2ConfiguringAdvancedServices:HA
Hi,mynameisJasonGatesandI'maMicrosoftCertifiedTrainer,or MCT.Imaginethatlaten
pandthe headoftheaccountingdepartmentissaying,"Hey,theserversare down."Soyouha
adedbacktothe office,andatthattimeyouarethinking,"Well,wouldnotitbe greatifI
usinesscontinuity?"Well WindowsServer2012R2hastwofeaturestohelpyousolvethat prob
elatenightcalls...thatisaNetworkLoad Balancing,orNLB,andfailoverclustering. The
nderstandhowtomanageand configureNetworkLoadBalancing. Andinthiscourse,wearegoi
o.Nowthey arenotidentical.NetworkLoadBalancingisidealforspecific situations,while
eringisidealforothersituations. Sowewilltalkaboutthedifferencesbetweenthesetwo,
tallthemandhowtoconfigurethem.
2.NLBusage ThatAccountingdepartmentwebserverisindireneedofsomehelp.It'snotres
st,sotheyhavecalledyouintosavetheday.Whatdoyoudo?
Wellonethingyoucoulddois,throwmoneyattheproblem,right?Addadditionalmemory,add
sthatwillmakethatserverrespondbetter.Butitdoesn'teliminateyoursingle pointoffa
veamotherboardthatgoesoutoranetworkcardthatgoesout.
Whatifyouneedtoupdatethemachine,patchthemachine,whichmeansyouhavetorebootit.
aysavailable.Welltheanswertothat,then,wouldbetohavemorethanone, right?Redundan
tsystemsmeansredundantInternetProtocol,orIP, addressesandredundantaddressesandURL
Sowhataboutaloadbalancer?Youcouldinvestinahardwareloadbalancerthatcandistribu
tmeansmoneyandthatmaynotbeinthebudgetrightnow.SoenterNetwork LoadBalancing,o
lutionbecauseit'sintheboxandcomes withWindowsServer.It'saninexpensivewaytobea
stems,adegreeof loadbalancingandfaulttolerance,allfromwithinWindowsServer. NLBis
ndofapplication.Butitdoesworkwellforwebserversandaccess servers.Itcanalsohelp
tweightDirectoryServices,orADLDS.Andthe reasonNLBcanhelpwiththosetypesofapplic
pplicationsarestateless,
meaning,thoseapplicationsarenotconcernedwithmaintainingdatachangesfromsessionto s
sthejobofadatabase,andthat'sthereasonwhydatabasesdon'tworkwellonNLB. Nowkeep
figurationwhereyouhaveyourdatabaseprotected withfailoverclustering,butaccesstoit
oadbalancingclusterlikethefront endportionofawebsite,youknow,awebsiteprovidin
achnodeinanNLBcluster,itgetscombinedandit'scalledahost.Nowtheygetcombinedin
er,andyoucouldhaveanywherebetween2to32ofthesedifferenthosts. Eachofthesehosts
12,andtheyhaveanidenticalcopyofthe applicationliketheirwebsiteorinthecaseof
work,orVPN,access configuration.Nowwhentheyarecombinedintothatsinglevirtualclust
esclient connectionsacrosstoeachoneofthosehosts,andthatiswherewegetourreliabi
e.Ifanyoneofthesenodesgoesdown,thereareothernodestheretopickuptheslack. If
d,wellthenthereareothernodesthatcancontinueto providethatwebsiteorthatclient
rk?WellNLBworksnotmuchdifferentthanfromtheclient'spointofviewanyway, notmuchd
eofwebsite.Thatiswhenyougotoawebsite,theclientsends alookuprequesttoDNS.
henamethattheclient used,andthentheclientusesthatIPaddresstoconnecttotheweb
view,thosesamemechanicstakeplacewhenwearetalkingaboutanNLBcluster.Buthereisw
oandrequestthatIPaddressfromDNS,DNShasinitarecordforthename ofthecluster,n
ame.AndbehindthatgroupnameisagroupIP address,avirtualIPaddress,andsoitisimp
lusterthatyou createthenecessaryrecordinDNSthatpointstotheclusterIPaddress.
WhenaclientconnectionismadetothatclusterIPaddress,eachindividualnodeisrunning
hconsistentlyknowwhoissupposedtohandlethoserequests.Sowhenthose requestcomeint
eofthosenodeswillstepupandsay,"Igotthatone." Andthenthenextrequest,adiffere
tthatone."That'sallthe magicbehindNLB. 3.Controllingtraffic InNLB,eachnodeisbei
tionscalledportrules.Now,it'stheseinstructionsthat telleachhosthowtohandlecerta
rinstance,youmighthavearulethatsays, 'webtraffic'thatistrafficdestinedtoport8
hehost.That'scalled Multiplehostsfiltering,andit'saparticularsettinginsideofthes
Nowyoumightalsohavecertainhoststhatyoupreferforcertaintypesoftraffic,soyouca
s,aswell.Andifyouwantedtobeevenmorespecific,youcansetupwhatiscalled Single
tportrule,youcanprioritizetrafficforspecifichostto specificapplications.Sothese
epriorities,thesettingsthatcombineinsidethe portrule,theseallinstructeachNLBhos
tifieswhoisresponsibleto respond.
Nowifallthingswereequalinsidetheserules,eachhostwouldknowwhenit'sresponsiblet

.Buthowdowepreventeveryhostrespondingtoeverysingleconnection?Welleach hostruns
enitsturnhascome,andwhenitneedstorespond.
Nowyoumightalsowonderwhathappenstotrafficthatdoesnotactuallyapplytoanyofthes
hereiswhatiscalledadefaulthost.Andlikeateamcaptain,ifthereisan unclarifiedco
atconnectionattempt. NowwhenyoubuildyourownNLBcluster,thereareseveralthingsyou
les andhowtoconfigurethem.NowifyouareusingtheMultiplehostsfilteringmode,which
soneedtodeterminewhichAffinitymodeyouneedtoset.
AffinitymodeisasubsettingwithintheMultiplehostsfilteringmode,andyouhavegotthre
rNetwork.Itsoundslikeastatusfieldinadatingsite.NowtheNoneaffinitymodeis the
tsareequallyresponsiblewithnootherpreferenceindicated. NowifyouchoosetheNoneaff
tnecessarilymeaneveryconnectionattemptwill berandomlyassignedtoadifferentserveri
snotthatrandom. ConnectionsarestillcalculatedevenwiththeNoneaffinitymode.Nowo
yis basedonandtheseconnectionsareevaluatedagainstistheclient'sIPaddressandthe
ntisusing.SowhenyougototesttheNoneaffinitymode,dependingonyourclient software
eryourselfgoingtothesamenodemoreoftenthanyougotothe othernodes,andthatisbec
'sIPaddressisnotchanging. Nowwhatifyourwebsiteusesshoppingcarts?Customeraddss
ythenthey discovermomentslaterthatthecartisempty.Wellhowcome?Welltherecouldbe
pschangesinthecluster,perhapstheclusterisrunningintheNoneaffinitymode.Now you
oyourwebsitesessionsonyourNLBclusterusingadifferentAffinity modecalledSingleaf
sousetheTimeoutvalues.NowSinglemodetells NLBclusterstoguaranteethatallconnectio
ssgotothesameserver.This makesitmoredurable.NowadministratorscanalsoaddaTimeo
t Affinitywithakindoftimetolive.Thiswaybrokenconnectionsornewconnectionsarere
,solongasitiswithinthatTimeoutvalue.ThisisespeciallyhelpfulforSecureSockets L
sbecauseit'smadeupofmultipleTCPconnections.Andultimately,italso keepstheshopper
kaffinitymodeisalotliketheSingleaffinitymodewhereit'sintendedtoensurethat net
larclientgoestothesameclusterhost.TheideabehindtheNetwork affinitymodeistosup
hatarepassingthroughmultipleproxyservers. Whenyouhaveaconnectionattemptcomingfro
s,itmightappeartotheclusterasif theyaremultipleclients,andthereforetheconnecti
tion.
WiththeNetworkaffinitymode,youmaketheconnectionalittlebitstickier,soanyclients
irectedtothesamehost.NowonefinalthingIwanttomentionabouttheseAffinity modes,i
itymode,keepinmind,itdoesnotworkwellwithIP fragments.SoMicrosoftrecommendsthat
oselecttheUserDatagram Protocol,orUDP,protocolorboth,theTCPandUDPprotocols.Non
nnectionsthat'sgoingtogiveyouthebesthandlingofyourIPtraffic. 4.NLBoperationsan
ithinanNLBclustercandetectwhenanotherhostgoesdownbecauseofheartbeattraffic. Hea
ypacketsthateachhostinaclusteremitsonafairlyfrequentbasis.Now whentheseheartb
ticularhost,welltheclustergoesintotriagemode.It recalibratesitself.Thisiscalled
ergencestabilizestheclusterwheneverany changeisintroduced,andonceconvergenceiscom
nawayitgoes,anditcontinuesto respondtoclientconnectionswiththeremaininglaststa
Nowthisallhappensinamatterofseconds.Keepinmind,it'sstillpossibleforaclientw
seconnectionduringthisconvergenceprocess,iftheyareconnectedtothe hostthatfails.
llconsideredmoreofahighavailabilitysolutionandaload balancingsolutionratherthan
ion.Nowthereisanotherdisadvantagetonetwork loadbalancing,andthatis,itcannotdete
ure.Thatmeansiftheapplicationhangs andstopsresponding,theservermightstillbeable
tpackets,andtheclusters unawareofanyproblem.Soforgreaterresiliencyatthatapplica
avetoconsider athirdpartysolutionlikeanappliancebasedloadbalancingsolution,oryo
r Microsoft'sfailoverclustering. Administeringaclusterismadeeasybecauseyouhavemult
lcommandsthatyoucan issue.Forinstance,ifyouhavetotakeanodeoutofthecluster,b
radeonit,wellyoucandowhatiscalledaDrainstop,whichmeansnonewconnections.Youw
forthoseconnectionstotimeout,theclientornodeisactuallyfreeofanyconnections,the
tofthecluster.Youcanaddandremovenodestoyourcluster,anditreconvergesina matte
alableandaveryconvenientinthecaseyouhavetodo upgradeordoanyservicing.Nowkeep
Itool,NLBmanager, butyoucanalsoperformthesetasksusingPowerShellandthecommandli
LB. NowacoupleofimportantrecommendationsbeforeyougoandbuildyourfirstNLBcluster.
stothinkabout,andthatisyouwantyourNLBclustertypicallytorunonasinglesubnet.
oidentifyhowmanynetworkingcardsyouaregoingtouse.It's recommendedthatyouusemult
venthoughit'snotrequired.Thereasonfor thatis,havingaseparateinterfacetosupport
ndsothosehost communicationsareonaseparatenetworkcomparedtotheclientaccesscommu
dependsonwhattypeofactualoperatingmode,woulddependonwhetherornotyouareusing m
hisiscalledUnicastorMulticast.

IfyouhaveasingleNIC,thenyouhavetousetheMulticastmode.ThedownsideoftheMultic
fficthatitmightgenerateonyourswitches,theportfloodingthatmight occur.Sothenyou
anagementProtocol,orIGMP.ThedownsidetoIGMP iswhetherornotyourenvironmentsupports
mefactorstheretiedtohow manynetworkcardsyouaregoingtouse,andwhatyourspecific
kslike, andwhetherornotit'scompatiblewithNLB,soevaluatethat.Anotherimportantthi
blingloggingonyourclusters,sothatyoucouldhaveauditinformationandsecurity,NLBdo
rity.Soit'sreliantonthesecuritywithintheapplicationandothersecuritypractices tha
ConfiguringaWindowsServer2012R2NLB Cluster
LearningObjective Aftercompletingthistopic,youshouldbeableto choosethebestoperati
ureinagivenscenario
1.Demo:InstallingNLB Okay,let'sbuildaNetworkLoadBalancing,orNLB,cluster.Ihaveg
atIam goingtouseformyNLBcluster.TheyareallrunningInternetInformationServer,or
sprettystraightforward,muchlikeanyotherrolethatyouhaveseeninstalledinServer201
sandFeaturesWizard.YouseeIamdoinghere,andthereisNODE1, andthenIcouldactually
islist,ifIwanted.It'safeature,notarole,so thisserverisactuallyaWebServer,so
rverrolealready.AndI havedonethatonthe...Ihavedonethatontheotherserversaswel
WebServers,soIamaddingtheNetworkLoadBalancingfeaturenow.
AndIwillincludetheNLBtool,andfirethatoff.Nowtheotherwaytoactuallyinstallthi
rShell.
Graphic
TheHyperVManagerwindowisopen.Inthenavigationpane,underHyerVManager, HV97issel
rtheVirtualMachinessection,thedetailsof variousvirtualmachinesarelistedinatabul
ualmachines NODE1CORP10.0.3.51,NODE2CORP10.0.3.52,andNODE3 CORP10.0.3.53 arein
ge,andwithAssigned Memoryof1078MB,904MB,and594MBrespectively.Thevirtualmachine
LUSTER3,SANSERVER,andAPP4CORP10.0.3.4 arein theSavedstate. Intheviewpane,the
E1CORP10.0.3.51,andtheNODE1 CORP10.0.3.51onHV97VirtualMachineConnectionisesta
pageoftheServerManagerwindowisdisplayed.TheinstructorclicksManage,clicksAdd Rol
dtheAddRolesandFeaturesWizardisdisplayed.OntheBefore youbeginpage,theinstructo
ctinstallationtypepageisdisplayed. Thispagedisplaystwooptions Rolebasedorfeatur
dRemote DesktopServicesinstallation andtheRolebasedorfeaturebasedinstallationopt
fault,theinstructorclicksNext,andtheSelectdestinationserverpageis displayed.Onth
erPool,NODC1.Windows.brocadero.comisselectedby default,theinstructorclicksNext,and
torclicksNext,andtheSelectserverroles page.Onthispage,FileandStorageServices(1
rver(IIS)(8 of43installed)checkboxesareselectedbydefault,theinstructorclicksNext
aturespageisdisplayed.Onthispage,.NETFramework4.5Features(2of7installed)is sel
tructorselectstheNetworkLoadBalancingcheckbox,andthe AddRolesandFeaturesWizardis
dRolesandFeaturesWizard,the instructorclicksAddFeatures,andthewizardisclosed.On
ge,the NetworkLoadBalancingcheckboxisnowselected,theinstructorclicksNext,andthe
Confirminstallationselectionspagedisplayed.Onthispage,theinstructorclicksInstall,
llationisinprogress.TheinstructoropenstheWindowsPowerShellwindow.
SooneofthethingsIwouldliketodois...Iwouldliketoactuallydothisremotelyusing
.Sowiththeinvokecommand ,actually,let'sdothisfirst.Letmefind upthenameofnlb
b* ,soithasjustcalledNLB,which issimpleenough.SowhatIamgoingtodois,Iamgoi
isonnode2andnode3,andIamgoingtopassthecommandsthatarefoundinthe scriptbloc
allwindowsfeature ,andIwantto installnlb,andIneedtoincludemanagementtools justl
alternativewaytoinstallafeatureinWindowsServer2012,andinthisexample,Iamusing
sactuallyinstallingthisacrossthenetworkremotely.Soyoucan see...it'skindofflippin
een24%and91%,andyoujust...youaregoingtosee differentnumbersbecauseeachoneofth
ingatdifferent rates. Andsohereisnode2replyingbacksaying,"Success",andtheninal
eply...thereitisfornode3.Sothat'showyouinstalltheNetworkLoadBalancingfeature.
Graphic
TheWindowsPowerShellwindowisopen.Attheadministratorcommandprompt,the instructorru
gcommand: getwindowsfeature*nlb* Theoutputofthiscommandisdisplayedinatabular
ame,and InstallStatearethecolumnheadings.ThedisplaynameforNLBisNetworkLoadBala
tateisAvailable.ThedisplaynameforRSATNLBisNetworkLoadBalancing Toolsanditsinst
Thenattheadministratorcommandprompt,theinstructorrunsthefollowingcommand: inv
,node3scriptblock{installwindowsfeaturenlb includemanagementtools} Theoutputofthi
ollows SuccessRestartNeededExitCodeFeatureResult
NING:Windowsautomaticupdatingisnotenabled.Tothatyourroleorfeatureis automaticall
ndowsUpdate.