Configuring Windows Server NLB for Multi-Node Deployment

Architecture

This article describes how to configure Windows Network Load Balancer (NLB) to balance two or more XTAM Server nodes. Earlier we discussed the XTAM Server multi-node architecture built using Microsoft IIS as a load balancer. We also provided an example configuration for XTAM Server multi-node deployments using Apache HTTPD server.

Both Microsoft IIS and Apache HTTPD Server are HTTP-level load balancers. While this configuration works well for the XTAM WEB GUI and in-browser sessions, load balancing of the XTAM SSH and HTTP Proxy components requires TCP-level load balancing. We recommend using hardware or specialized load balancers to support these advanced scenarios. However, it is also possible to use Microsoft Network Load Balancer or HAProxy to balance multiple XTAM nodes at the TCP level.

The article below provides step-by-step instructions for configuring Microsoft NLB to balance multiple XTAM nodes. Note that the NLB feature is available in Windows Server 2016 and above.

Instructions to configure Windows Server NLB for Multi-Node Deployment

1) Obtain the IP address to use as the load balancer address.

2) Add this IP address to the DNS zone under the name at which the XTAM server will be available.

3) Edit server.xml on all nodes and change port 6443 to 443 for the web application connector. The file is located in the $XTAM/web/conf folder.

4) Generate trusted SSL certificates for the Fully Qualified Domain Name (FQDN) of all nodes and the FQDN of the load balancer. Apply the certificate to the XTAM WEB Application on both nodes.

5) On all balanced XTAM application nodes, set the IP addresses statically.

6) On all XTAM nodes, install the Windows feature Network Load Balancing.

Using PowerShell, execute the following command:

Install-WindowsFeature nlb,rsat-nlb

You can also add the feature using Server Manager.

7) From Server Manager->Tools, start Network Load Balancing Manager.

8) In NLB Manager, create a new cluster.

Enter the hostname or DNS name of the first node in the Host field and click Connect -> Next.

Click Next.

On the cluster IP Address dialog, click Add and enter the IP address that was reserved in step 1 -> OK -> Next.

On the Cluster Parameters dialog, enter the DNS name created in step 2 in the Full Internet name field and select Multicast mode -> Next.

In the Port Rules dialog, remove the default rule and add rules for the XTAM application with all necessary ports, such as TCP/443 for web access, TCP/9081 for the HTTP proxy, and so on.

For example, a rule for web access over HTTPS uses “Single” affinity in “Filtering mode”, which means that all requests from a single IP address will be forwarded to the same host.

After adding all necessary ports, click Finish. After this, network connectivity to your server may disappear for a few seconds.

9) Add the second host to your NLB cluster.

Enter the hostname or DNS name of the second node in the Host field and click Connect -> Next.

Click Next.

Click Finish. If you need to add additional nodes, add them the same way as the second node described above.

After all node configurations have synchronized, the following screen will appear:

[Screenshot: NLB Manager after the second host has been added]

Now you can try to access your XTAM Server using the load balancer DNS name.
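Steps 6, 8 and 9 can also be scripted with the NetworkLoadBalancingClusters PowerShell module instead of NLB Manager. The script below is an added example, not part of the original article or of XTAM's own tooling; the IP address, subnet mask, interface name, node names and DNS name are placeholder assumptions to replace with your own values.

```powershell
# Added example: scripted equivalent of steps 6, 8 and 9.
# Run in an elevated session on the first node. All values are placeholders.
$ClusterIp   = '192.0.2.10'         # address reserved in step 1 (placeholder)
$SubnetMask  = '255.255.255.0'      # placeholder
$ClusterFqdn = 'xtam.example.com'   # DNS name created in step 2 (placeholder)
$Interface   = 'Ethernet'           # NIC name, assumed to be the same on every node
$FirstNode   = 'xtam-node1'         # placeholder
$OtherNodes  = @('xtam-node2')      # placeholder; list further nodes here
$Ports       = @(443, 9081)         # ports named in the article; extend as needed

# Step 6: install the NLB feature and its management tools on every node.
foreach ($node in @($FirstNode) + $OtherNodes) {
    Install-WindowsFeature -Name NLB, RSAT-NLB -ComputerName $node | Out-Null
}
Import-Module NetworkLoadBalancingClusters

# Step 8: create the cluster on the first node in multicast mode.
New-NlbCluster -HostName $FirstNode -InterfaceName $Interface `
    -ClusterName $ClusterFqdn -ClusterPrimaryIP $ClusterIp `
    -SubnetMask $SubnetMask -OperationMode Multicast | Out-Null

# Remove the default rule so that only the ports listed above are balanced.
Get-NlbClusterPortRule -HostName $FirstNode -InterfaceName $Interface |
    Remove-NlbClusterPortRule -Force

# One TCP rule per port: multiple-host filtering with Single affinity, so all
# requests from one client IP address reach the same node.
foreach ($port in $Ports) {
    Add-NlbClusterPortRule -HostName $FirstNode -InterfaceName $Interface `
        -StartPort $port -EndPort $port -Protocol Tcp `
        -Mode Multiple -Affinity Single | Out-Null
}

# Step 9: join the remaining nodes; they inherit the cluster's port rules.
foreach ($node in $OtherNodes) {
    Add-NlbClusterNode -HostName $FirstNode -InterfaceName $Interface `
        -NewNodeName $node -NewNodeInterface $Interface | Out-Null
}

# Review the result: node state and the final rule set.
Get-NlbClusterNode -HostName $FirstNode -InterfaceName $Interface
Get-NlbClusterPortRule -HostName $FirstNode -InterfaceName $Interface
```

The final two commands list the cluster nodes and the port rules, which should contain only the ports you added and no default all-ports rule.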

 

Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.

Copyright © 2019 Xton Technologies, LLC. All rights reserved.