ISA Load Balancing
Rainfinity's RainWall will help you ramp up the reliability and efficiency of your Microsoft ISA Server.
Are there any ISA Servers in your shop? Concerned about your ISA Server being a single point of failure? Wish that you could easily scale your ISA Server deployment to handle more requests? If so, then a load balancing solution such as Rainfinity's RainWall for Microsoft ISA Server may be just what the IT doctor ordered.
There are many different ways to load balance ISA Server requests:
- DNS round robin
- An ISA Server array
- Windows Network Load Balancing
- Third-party products such as RainWall
Depending on what you're trying to load balance, some methods work better than others.
DNS round robin is the easiest to set up, requiring multiple host records in DNS. Round robin provides load balancing by rotating through the host records when requests are made, but doesn't compensate for a failed node. If one of the nodes listed fails, the DNS Server service will continue to hand out that IP address to clients. Round robin works with both ISA Server Standard Edition and Enterprise Edition running all versions of Windows 2000 Server.
ISA Server arrays are the next-easiest solution to implement. They provide load balancing for Web requests by using Cache Array Routing Protocol (CARP). If you're using your ISA servers to publish Web requests only, then using ISA arrays is a good decision. However, if you're publishing other resources, arrays won't help. ISA arrays are provided by ISA and are only supported on ISA Server Enterprise Edition.
Windows Network Load Balancing (NLB) works for all requests, not just Web requests. NLB is provided by Windows and requires Win2K Advanced Server or Win2K Data Center Server. It doesn't work on Win2K Server. NLB works well, but has some limitations:
- NLB only works on one ISA interface at a time. You can load balance incoming or outgoing requests, but not both.
- NLB doesn't check service status for its nodes. For example, if the Web proxy service fails on one of the nodes, NLB won't notice and will still send requests to that node.
- NLB doesn't check NIC status. If a NIC fails in one of the nodes, NLB will still send requests to that node.
- NLB is more difficult to configure than the other options.
Unlike DNS round robin and NLB, RainWall was designed exclusively for ISA Server. It provides all the benefits without any of the drawbacks. RainWall supports both inbound and outbound requests right out of the box. It supports all protocols (unlike ISA arrays) and works with all versions of ISA and Win2K Server (Service Pack 3 or higher). It monitors ISA services and NIC status. The thing I like best about RainWall is that it is software based and doesn't require any special hardware. This makes it very easy to add more ISA servers on the fly.
| RainWall uses a standard MMC for management, making the product quite intuitive. (Click for larger image)
I've deployed RainWall several times. It's a very easy install. Start to finish is about 20 to 30 minutes, including the reboots. When you install RainWall on the first node, you're asked for the new cluster name and number, node number, and for the IP addresses to be used for internal requests, external requests and cluster communication (heartbeat). When you install the second node it pulls all of the information from the first node. The only thing you have to supply is the node name. Rebooting is required for each node after installation. This is the only down time during the entire process.
I highly recommend RainWall to anyone who wants an affordable and scalable solution. It's easy to install and requires no maintenance once up and running. When you factor in the money saved by using Win2K Server and ISA Server Standard Edition over Win2K Advanced Server and ISA Server Enterprise Edition, you may find that RainWall is more affordable than you think.
About the Author
Chad Todd, MCSE, MCT, CNE, is the author of Hack Proofing Windows 2000 Server by Syngress Publishing. He is the co-owner of Training Concepts, which specializes in Windows 2000 and Cisco training.