
 

Setting up Network Load Balancing in ISA 2004 Enterprise

 

Shijaz Abdulla, MVP

www.shijaz.com/isaserver

 

 

This article gives a step-by-step explanation of how to set up Network Load Balancing (NLB) on ISA Server 2004 Enterprise Edition.

 

Background

 

You can use NLB to “balance” request traffic (load) between two or more servers. This article explains how to implement it and assumes that you know what NLB is for. If not, please see the links in the “Prerequisites” section.

 

Prerequisites

 

Make sure you read and understand the following Microsoft articles:

 

  • Network load balancing ISA 2004

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/network_load_balancing_ee.mspx

 

  • Windows NLB FAQ page:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/clustering/nlbfaq.mspx

 

  • Understanding Windows NLB

http://technet2.microsoft.com/WindowsServer/f/?en/Library/088a26d1-1d67-45a3-8d89-e7a056c1c1131033.mspx

 

It is important to note that although ISA Server 2004 depends on Windows NLB for load balancing, it supports a feature called Integrated NLB, which is configured from the ISA console itself. It is recommended that Integrated NLB be used for load balancing ISA.

 

Assumptions

 

Below is a brief outline of the lab scenario employed in this article:

 

ISA Server1:

OS: Windows Server 2003 Standard

Hostname: ISANLB1.testdomain.local

No. of Network adapters: 3

 

Internal Interface: NIC1

IP on NIC1: 15.0.0.11

DNS: 15.0.0.1

 

Intra-array Interface: NIC2

IP on NIC2: 172.16.0.1

 

External Interface: NIC3

IP on NIC3: 10.0.0.101

Default Gateway: 10.0.0.138 (my ADSL router)

 

 

ISA Server2:

OS: Windows Server 2003 Standard

Hostname: ISANLB2.testdomain.local

No. of Network adapters: 3

 

Internal Interface: NIC1

IP on NIC1: 15.0.0.12

DNS: 15.0.0.1

 

Intra-array Interface: NIC2

IP on NIC2: 172.16.0.2

 

External Interface: NIC3

IP on NIC3: 10.0.0.102

Default Gateway: 10.0.0.138 (my ADSL router)

 

 

NLB for Internal Network

Virtual Hostname: ISANLB.testdomain.local

Virtual IP: 15.0.0.10

All my clients will use this virtual name or IP as the proxy. All published servers will use this IP as their default gateway.

 

NLB for External Network

Virtual IP: 10.0.0.100

All NATs or Routes on my ADSL router will be to this IP address.

 

  • It is assumed that you have installed ISA 2004 Enterprise on at least one server. This article explains how to add the second server to the array and set up NLB for both external and internal interfaces using both nodes.
  • The Internal interface is connected to the network to be protected.
  • The External interface is the interface that is connected to the internet. Usually this is the interface that is connected to your ISP router/outer firewall/ADSL router.
  • The Intra-Array interface is a private network between the ISA server array nodes. This is different from the “Internal” network. In case you have only two nodes in your array, this can be a crossover cable connected between the two ISA servers.
  • In an ISA Enterprise array, when you make a configuration change on any one server in the array, the changes are applied to all servers in the same array. The rules and configuration are stored in an internal database called the Configuration Storage.

 

Configuration steps

 

Step 1.         Install ISA Server 2004 Enterprise on the second server.

 

This is fairly straightforward; however, I will describe the areas that need attention.

 

  1. Although it is optional to have a configuration store on both servers, I would recommend that you install the configuration store on both nodes. This will give you added redundancy of the configuration store in case one of the servers fails.

 

 

  1. Choose the option Create a replica of the enterprise configuration since this server will join the existing array and use the same configuration as your first ISA server.

 

 

  1. In the Locate Configuration Storage Server screen, choose your first ISA server. You can browse for it.

 

 

  1. When you click Next, you will receive a warning message as shown below. You can ignore it for now.

 

 

  1. Choose the option to replicate over the network if your first ISA server is online.

 

 

  1. Choose the appropriate option. In the case where you need to set up NLB, both ISA servers are usually in the same domain and same network. Hence choose the first option:

 

 

  1. Choose to Join the existing array.


 

  1. Enter the array name (usually the hostname of the first ISA Server) or browse for it.

 

 

  1. Choose Windows Authentication as the Configuration Storage Server authentication option.

 

 

  1. Click Next and complete the installation. Setup will warn you that some services need to be restarted during the installation process.

 

  1. I strongly recommend that you install the latest ISA Service Pack on both nodes before continuing.

 

 

Step 2.         Configuring the ISA NLB cluster

 

 

  1. Verify that the installation succeeded. Open the ISA Server Management Console on any server and navigate to Arrays > [Arrayname] > Configuration > Servers. You should see both servers listed here.

 

 

 

  1. Right click on the server that you are now physically logged into and choose properties. Click on the Communication tab and set the intra-array communication to the NIC2 interface (see table in the Assumptions section at the beginning of the article).

 

 

  1. Similarly, open the properties for the other server and set the intra array interface. It is better to do it physically from each server itself.

 

 

  1. Next, you need to add both ISA servers into the Replicate Configuration Storage Servers computer set. Navigate to Enterprise > Enterprise Policies. Open the Task Pane on the right, open toolbox > Network Objects > Computer Sets. Double click on the Replicate Configuration Storage Servers computer set.

 

 

  1. Add both ISANLB1 and ISANLB2 here. See screenshot above.

 

  1. On any of the ISA servers, navigate to Arrays > [ArrayName] > Configuration > Networks. Open the Task Pane on the right.

 

  1. Under tasks, click Enable Network Load Balancing Integration.

 

 

  1. In the NLB wizard, choose the networks that you want to load-balance. In this article I am load balancing both External and Internal interfaces.

 

 

  1. For each interface you want to load balance, specify a “virtual IP” which will be used to connect to the cluster. It has to be within the same subnet as the interfaces themselves but should not be in use. In this case I will configure as per the table mentioned in the Assumptions section of this article.

 

 

 

 

  1. Click next, read any informational messages and continue. At the end of the process, click Apply to apply your configuration changes. You will be prompted whether or not to restart the ISA Services. Choose to restart the ISA services.

 

 

 

 

 

 

  1. ISA will begin self-configuring the NLB. Both nodes will become momentarily busy. If you open the ISA management console, you might see some warnings and errors while services are restarted and interfaces are configured. You can ignore most of it for now.

 

 

Some of the errors you are likely to get during the process.

 

 

 

  1. Eventually the process completes. You can check the success by looking under Monitoring > Services. You should see all services, including Network Load Balancing as Running on both servers. If the NLB service is shown as Configuring, just wait for some more time.

 

 

 

  1. NLB is now set up.
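The virtual IP constraint from the NLB wizard step (same subnet as the interfaces, not already in use) and the separation of the intra-array network can be checked against the lab addressing from the Assumptions section. This is an added example, not part of the original article; the /24 prefixes and the names `PLAN` and `check_plan` are assumptions, since the article gives no subnet masks.

```python
import ipaddress

# Lab addressing from the Assumptions section. The /24 prefixes are an
# assumption of this example; the article does not state subnet masks.
PLAN = {
    "Internal": {"prefix": "15.0.0.0/24", "vip": "15.0.0.10",
                 "nodes": {"ISANLB1": "15.0.0.11", "ISANLB2": "15.0.0.12"},
                 "other": {"DNS": "15.0.0.1"}},
    "External": {"prefix": "10.0.0.0/24", "vip": "10.0.0.100",
                 "nodes": {"ISANLB1": "10.0.0.101", "ISANLB2": "10.0.0.102"},
                 "other": {"Default gateway": "10.0.0.138"}},
    "Intra-array": {"prefix": "172.16.0.0/24", "vip": None,
                    "nodes": {"ISANLB1": "172.16.0.1", "ISANLB2": "172.16.0.2"},
                    "other": {}},
}

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = {name: ipaddress.ip_network(n["prefix"]) for name, n in plan.items()}
    for name, n in plan.items():
        net = nets[name]
        used = {**n["nodes"], **n["other"]}  # addresses known to be assigned
        for owner, ip in used.items():
            if ipaddress.ip_address(ip) not in net:
                problems.append(f"{name}: {owner} {ip} is outside {net}")
        if n["vip"] is None:
            continue  # the intra-array network is not load balanced
        vip = ipaddress.ip_address(n["vip"])
        if vip not in net:
            problems.append(f"{name}: virtual IP {vip} is outside {net}")
        if vip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: virtual IP {vip} is not a host address")
        for owner, ip in used.items():
            if ipaddress.ip_address(ip) == vip:
                problems.append(f"{name}: virtual IP {vip} already used by {owner}")
    # No two networks may overlap; in particular the intra-array network
    # must stay separate from the Internal network.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap ({nets[a]}, {nets[b]})")
    return problems

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["address plan is consistent"]:
        print(line)
```

The check only knows about addresses listed in the plan, so an address held by some other device on the segment still has to be ruled out on the network itself.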

 

Step 3.         Setting the DNS record for Internal network NLB virtual name

 

You can create a DNS A record if you wish to have a “virtual name” for the virtual IP of the load-balanced Internal network.

 

  1. On your DNS server, open the DNS console. Open your forward lookup zone. Right click on the zone, and choose New host record.

 

 

  1. Type the virtual name that you wish to use in the Name box. Type the NLB virtual IP for the Internal network in the IP Address box.

 

  1. Click Add Host. You should receive a success message.

 

 

Step 4.         Testing the virtual name

 

  1. On one of your client machines on the Internal network, set the proxy to the virtual name you just created and check if you can browse the internet. You should have created the appropriate access rules on ISA Server to allow internet access from the clients.

 

 

 

 

Step 5.         Renaming the array (optional)

 

  1. By now, you will have the array name as ISANLB1, which is the hostname of the first ISA server in the array. In order to minimize confusion, you can rename the array to a more suitable name (for example, NLBARRAY or ISANLB). This step is totally optional.

 

  1. To do this, right click on the array name and choose Rename.

 

 

 

IMPORTANT: The array name is NOT your NLB virtual name. The array name is NOT ping-able from the network. In fact, the array name has got nothing to do with your real network. It is used internally within ISA to identify your ISA array (an array is a group of computers running ISA server, sharing the same configuration).

 

 


 

 

Disclaimer

 

The steps mentioned in this article are the results of testing in a lab environment. The procedure might require additional testing before being deployed on a live environment. I assume no responsibility for damage(s) occurring due to following this procedure or any other procedure listed on this site. Use it at your own risk!