Loadbalancer.org Enterprise VA 7.5 - Load Balancing 09/2013
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
IT-ADMINISTRATOR.COM 09/2013
The magazine for professional system and network administration
Special Edition for Loadbalancer.org GmbH
Under Test
Loadbalancer.org
Enterprise VA 7.5
Load Balancing
P R O D U C T S I Te s t
Under Test: Loadbalancer.org Enterprise VA 7.5
Load Distribution
by Thomas Bär
There are many reasons for network
load balancing. On the one hand, the
system load on a server can be shared
among different machines, while on the
other hand, it is relatively uncomplicated to
set up a reserve or backup system. Although
the board resources from Microsoft include the
required technology, the configuration is always
restricted to the participating machines and diffe-
rent operating systems quickly lead to annoyance.
This is where the load balancing solutions from
Loadbalancer.org come into their own. The solu-
tions are available as software or hardware
Source: anatolymas - 123RF
appliances and allow simple configuration.
etwork Load Balancing (NLB) is tual IP), from where the NLB server trans- increases, depending on what the target
N a variation of the cluster techno- fers the incoming and outgoing network configuration is. We required only a sin-
logy. While a genuine cluster refers to a traffic specifically to the background ser- gle virtual network card with two assig-
group of independent computer systems vers. The different methods are based on ned IP addresses, a VIP and a manage-
that each execute the same applications the variety of requirements that they have ment IP in order to make our terminal
and that present themselves to a client as to fulfill. servers, web servers and the Exchange
a single system, NLB is a method for sha- environment suitable for NLB.
ring all tasks for processing and for redis- Lightning-fast Setup
tribution of the tasks in the event of failure The Loadbalancer.org Enterprise Virtual After importing the virtual appliance,
of a node in the system group. Appliance 7.5 was installed and confi- the administrator needs only to switch
gured for the first time quickly and ea- on the VM, and in less than one minute
There is no absolute necessity for the sys- sily. We downloaded the 216-MB Zip he is requested to set up the basic con-
tems to be completely identical in an NLB archive provided for the 30-day trial pe- figuration using the console window.
group.The NLB forwards service requests riod and installed the system once under Anyone willing to work with the stan-
– for example, for web access, to the re- VMware ESXi 5.1 and also as a virtual dard IP address can immediately begin
levant systems, which then process the re- machine under VMware Workstation with the configuration in a web browser.
quests. In ideal cases, an NLB group au- 9.0.1. Along with the VMware platform, However, it is very easy to change the
tomatically detects the failure of a node the software also supports Microsoft Hy- IP address 192.168.2.21, particularly as
and transfers all new requests only to the per-V and is available on a physical ap- the required user and password infor-
remaining systems. NLB is basically suit- pliance in different expansion stages. mation is directly available in the console
able for web services,VPN services, strea- window.
ming media, remote desktop services and In the minimum configuration we se-
proxy services. lected, the NLB server required 1 GB Bare-bones User Interface
of RAM, used a virtual CPU and had a The menu on the Enterprise VA website
NLB can be implemented using a wide virtual 8-GB SCSI hard disk for storing did not particularly impress us, but it at
range of technical approaches. However, the configuration data, the CentOS-ba- least allows the user to switch language
all implementation methods have one sed operating system and the log infor- between English, German and French.The
thing in common: there is one shared, vir- mation. The number of required IP ad- header bar offers the items "Master| Sla-
tual network address (a so-called VIP, vir- dresses and vir tual network cards ve", "Active|Passive" and "Link." The
2 Excerpt from IT-Administator September 2013 www.it-administrator.com
P R O D U C T S I Te s t
Our aim was to achieve two identically
configured Microsoft Exchange 2010 ser-
vers from the predefined "Contoso" series
in the NLB group using Outlook Web
App (OWA) and to access the machines
with Microsoft Outlook. In a real envi-
ronment, the NLB service would be ap-
plied exclusively to the servers that have
the role of Client Access Servers.The ser-
vers process all Exchange client data traffic,
including OWA, ActiveSync, IMAP4,
POP3, RPC/MAPI and Outlook
Direct Routing (DR)
An NLB method based on layer 4 of the OSI refe-
rence model with very high performance in a fre-
quently used procedure in which the NLB server modi-
fies the destination MAC address of the data stream
during active operation. All participating servers ex-
pect to directly occupy the virtual IP address of the
NLB (the VIP). Although the servers are permitted to
and must actually respond via the VIP, this is not the
Illustration 1: Enterprise VA NLB from Loadbalancer.org is fully configured with only a few mouseclicks. However, case for ARP requests. The direct routing mode allows
certain option parameters are not comprehensible without first referring to the documentation. servers in an associated network to access the VIPs
or RIPs (real IP addresses). No additional subnets or
routes are needed in the network, which makes se-
"Master" and "Active" settings were con- DNS settings. The four NICs assigned to tup easier. According to the vendor, Loadbalancer.org,
tinuously displayed in green as we only the virtual appliance can each be associated the direct routing mode for HTTP requests is eight ti-
mes faster than NAT, and in the case of terminal ser-
worked with one NLB server and there- with a VLAN using the Network Interface
vices, the speed advantage over NAT is even a factor
fore could not switch to the second node. Configuration. In environments with of 50 greater.
The main menu on the left includes areas stricter security requirements, it is recom-
Network Address Translation (NAT)
such as "Overview", Local Configuration" mendable to link two Ethernet adapters If DR cannot be used, NAT (also a layer 4 service), is
and "Cluster Configuration." together as a "bond" in each case.The ad- the next fastest option for load balancing. The DR
ministrator can carry out routing at the mode cannot be used if applications cannot respond
Even on the main page, the administrator web interface and does not have to switch to the two required IP addresses (RIP and VIP). The
can view a graphical presentation of the to the console to do so.The administrator setup in the NAT alternative resembles for the most
part that of a firewall environment. As a result, exten-
bandwidth usage, the system load and the can also enter individual commands at the sive changes in the configuration are needed for this
amount of RAM still available for use. web interface for direct transfer to the alternative.
Much more important than this, though shell. The software also displays the result Virtual Server via IP Tunneling (TUN)
– and users cannot see it at this time as – for ifconfig, for example – at the web The "IP Encapsulation" is also found on layer 4. It is
no NLB cluster has yet been configured interface. technical similar to direct routing, except that an en-
– is the key view of the NLB groups.This capsulated IP tunnel is used.
view presents the key fundamental data Complex Exchange SSL Termination
of the involved servers, ports and virtual OWA Load Balancing SSL Termination refers to the ability of the load balan-
IP addresses against a colored background While installation and initial configuration cer to search for session cookies in an HTTPS data
stream on layer 7 of the OSI reference model. To this
whose meaning is self-evident. If every- only take a few minutes, configuration of
end, the system must be able to decode the data traf-
thing is functioning properly, the frame the NLB was rather more complicated. fic during active operation.
around the information and the filling are Fortunately, the vendor provides the ap-
Source Network Address Translation (SNAT)
shown in green, while yellow indicates propriate documentation in the form PDF The HA proxy method implemented on layer 7 allows
the need for administrative intervention, files for the varied range of scenarios, such the correct use of cookies for the assignment of RDP,
and red signals the failure of all relevant as web, Exchange and terminal services. session broker or SSL accesses. The advantage of this
components. These files can be downloaded from the alternative is that the configuration of the applications
and servers does not have to be altered. In terms of
vendor's homepage. It may well be the
speed, according to the vendor Loadbalancer.org, this
The local configuration options are res- case that an administrator, who works on method is slower than layer-4 NLB functionality.
tricted to mandatory parameters, such as a daily basis with NLBs, knows all para-
the assignment of a host name, definition meters in detail.We, however, were grateful Supported Types
of the role that the administrator can de- for the documentation when getting to of Load Balancing
fine to be "master" or "slave", and the know the system.
www.it-administrator.com Excerpt from IT-Administator September 2013 3
P R O D U C T S I Te s t
Since there are plenty of constellations
in which an NLB group server member
is to be shut down, the "heavy-handed"
method does not need to be used every
time. The Drain command on the menu
bar of the load balancer is very practical
in this regard. Along with the Halt com-
mand, which immediately ends all con-
nections to the selected server, Drain
Illustration 2: The load balancing between the servers can best be viewed graphically with a time axis. has the effect that the machine deals
with all connections that are still open.
Since the load balancer does not initiate
Anywhere, in the CAS role. The entire entry to ensure that the machine is con- any further connections in this status,
internal data traffic in an Exchange 2010 sidered less frequently during the as- the server can calmly process the exis-
environment is handled by the Hub Trans- signment of sessions. In general, the ven- ting tasks.
port Servers, which share the load inde- dor – who refers in this case to Microsoft
pendently by default. – recommends assignment by "weighted
Product
round robin" as the most suitable method.
Load balancer in the form of a software or hardware
Using the English version of the PDF ma- There is no dynamic assignment in ac-
appliance.
nual, we began with the installation of a cordance with the current memory or
Vendor
Source Network Address Translation HA- CPU load on the target server. In this case,
Loadbalancer.org GmbH
Proxy (SNAT). More or less twenty pages the NLB would have to sample the data
www.Loadbalancer.org
dealt with setting parameters and confi- on the Windows servers by WMI.
guring settings. While configuration of Price
The smallest model of the virtual appliance, Enterprise
the CAS-VIP bond on the Exchange ser- Reliable Load Balancing
VA R16, limited to 16 servers, costs 1,195 euro. The
ver is, of course, one of the work steps to After about 90 minutes, we were able to
price of the unlimited virtual appliance starts at 2,995
be expected, the manual modification of directly test our configuration. As could
euro as an individual system and 4,995 euro for a
registry values could be considered to be be expected, the NLB server set up a double set.
a task more suited to an installation agent. connection to one server at a time. As
Technical data
The registry values ensure that the address no measurable difference could otherwise
www.it-administrator.de/downloads/datenblaetter
book and the RPC service do not com- be seen, we then attempted to disrupt
municate through just any ports, but ins- the assignment by disabling a server. Wit-
IT Administrator's rating (max. 10 points)
tead exclusively through the ports 60.200 hin a few seconds, the load balancer de-
and 60.201. Also other parameters, such tected the failure of the node and di- Configuration work 7
as the value of 3,600,000 for client and rected all new requests to the remaining
Load balancing alternatives 8
server timeouts, should be defined either servers. If the two servers failed, the NLB
by a wizard that assists an administrator server could only present a local failover
Administrability 7
during the Exchange NLB installation or website, whose visual display and contents
at least given in a more user-friendly unit the administrator can modify for his or
Operating reliability 8
(milliseconds in this case). Interestingly, her company.
three pages later, the software again de-
Documentation 8
mands the input of an hour, but this time In another step, we used a test program
in minute format. to set up a very large number of very fast
HTTP connections at the same time This product is
In summary, the administrator sets up two through the load balancer to the IIS web
layer-7 services for the Exchange NLB: services of the Exchange servers.The load very suitable for companies wishing to run diffe-
one service is for ports 80 and 443, the was, as expected, shared equally between rent systems using load balancing.
other service responds to the specific ports the systems. If one of the servers is stop-
for Outlook.The administrator assigns the ped, a message was displayed for about conditionally suitable for companies that already
use other NLB methods.
physical machines to the two services in five seconds to indicate that the destina-
a second step. As is typical for NLB, the tion could not be reached, before the load not suitable for companies that only have indivi-
relative weighting to the other NLB ser- balancer switched to the other system. dual servers and do not require load balancing.
vers can be specified using the "Weight" Regarded overall, the NLB server could
entry. For example, if one of the servers not be disrupted in implementing its tasks.
provides less performance than the others, We experienced similarly positive results Loadbalancer.org Enterprise VA 7.5
the administrator could use the weight in the case of remote desktop access.
4 Excerpt from IT-Administator September 2013 www.it-administrator.com
P R O D U C T S I Te s t
highlighting of the different defined virtual
services or even a filter function would have
been very helpful instead of endless linking
of the rows together. Apart from transfer of
the messages to a Syslog server, there are no
other utilities.
Summary
Anyone who has ever had to work frus-
tratingly for several hours with the NLB
services from Microsoft will like the al-
ternative offered by Loadbalancer.org.We
were able within two hours of the test to
set up and configure a load balancer for
Microsoft Exchange 2010 OWA.The sys-
tem gives the user an easy introduction to
the subject and is sparing on details.Within
a very short period of time, we had our
first remote desktop NLB or HTTP-NLB
Illustration 3: An overview shows in color the situation regarding the clusters and servers
set up without having to change anything
in the existing configuration. On the one
Unclear Log Files ckup and restore functions for manual ba- hand, that is pleasing, while on the other
We were very impressed by the option to ckup are available as is synchronization with hand, it is very useful for operational se-
directly view configuration files on the web a peer partner. Although the log files, if acti- curity in the company. Only a small num-
interface.This option means there is no need vated by the administrator, provide important ber of weaknesses in the configuration pro-
to switch to the console.The administrator information – for example, on timestamps, cedure lead to occasional annoyance and
can access the integrated firewall using scripts the source IP address with port and the des- make the administrator's work unnecessa-
and also directly from the web interface. Ba- tination of the connection – at least color rily more difficult. (dr)
www.it-administrator.com Excerpt from IT-Administator September 2013 5
You can also read
