Hi All, This is my first post and I am fairly new when talking about ISA. My setup is as follows Datacenter 1 3 Exchange 2007 mailbox clustered servers 2 Hub transport and client access servers
Datacenter 2 3 Exchange 2007 mailbox clustered servers 2 Hub transport and client access servers
Each of these datacenters will have an ISA 2006 server in the DMZ and Exchange will be published via ISA 2006.
Now the question is that is there any way to load balance the connections between these 2 ISA 2006 servers? (like if 1 server goes down the other handles the connections so there is no downtime)
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
ISA supports Microsoft NLB for HA, but this is 'subnet bound' and hence cannot be used across datacentres unless you can create a stretched VLAN or similar...
Normally, you would need to use some form of external load balancer to get the traffic to ISA in the way you describe...
Thanks for the reply. An external load balancer is not in the budget ISA has been put in the DMZ to publish OWA/EAS and Outlook Anywhere Setup is Internet-Firewall-ISA-Firewall-Exchange
Will I also have to create an Array to implement Round robin DNS? Can you share any article which explains more abour Round Robin and how to configure it?
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
No, you wouldn't need an array. However, you could put an array at each data centre using NLB, and then use round robin DNS to access the VIP of each array.
Round robin DNS is pretty simple and discrete from the ISA setup:
Can you please give more details around "However, you could put an array at each data centre using NLB, and then use round robin DNS to access the VIP of each array."
Can an array be created with just 1 node of ISA server as I only have 1 ISA 2006 server per datacenter? Also, array would require enterprise edition and am I correct in assuming that DNS round robin can be done with a standard edition box?
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:
ORIGINAL: rakeshmiglani
Can you please give more details around "However, you could put an array at each data centre using NLB, and then use round robin DNS to access the VIP of each array."
Can an array be created with just 1 node of ISA server as I only have 1 ISA 2006 server per datacenter? Also, array would require enterprise edition and am I correct in assuming that DNS round robin can be done with a standard edition box?
Sorry, I meant to imply you could not that you necessarily should.
I assumed that if you are looking at two data centres then HA is important; hence protecting each data centre against individual ISA server failure by using NLB might be of interest.
Yep - an array means ISA EE.
Yep - DNS RR doesn't need ISA EE and would work fine with SE. With SE you will lose a single point of management and you won't be able to provide server failure protection in each site, this may not be an issue for you though...
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Right, let makes sure we are not talking about apples and oranges here
For a proper HA solution, you have two main elements to consider:
1. Site resilience 2. Server resilience
Let's consider the site resilience first:
If you cannot do a stretched VLAN and you cannot afford a load balancer than you could use DNS RR to balance incoming connections to ISA; these ISA Servers could be running ISA SE or ISA EE, it doesn't really matter. If site A fails, 50% of the people will be using site B (assuming a fairly even split) and hence you don't totally lose the service. You could then update DNS and remove the IP addresses for site A to get 100% of people using site B. DNS RR is not an ideal solution, but it is viable if you accept the limitations...
Let's consider the server resilence option:
If you want to to protect against server failure at either of the sites and negate the need to failover the entire site, it makes sense to implement two ISA servers per site and then use ISA EE with NLB to cluster them. You cannot achieve this with ISA SE and you would need ISA EE.
You could argue that with site resilience you don't need server resilience. However, in reality it is often preferred to have some form of local HA rather than have to fail the entire site just because a single server has failed.
At the end of the day it comes down to what you can afford and what level of HA you really need to keep the business happy...
Does that make sense? Apologies if this is obvious stuff!
Cheers
JJ
< Message edited by Jason Jones -- 31.Mar.2009 4:22:55 PM >