Posts: 103
Joined: 31.Aug.2003
From: The Netherlands
Status: offline
I installed the configuration storage server on a DC. Is it wise to install an additional configurtion storage server, this because we have now a single point of failure?
If you are worried about single points of failure, just putting a second CSS server won't be enough. You need to think about how clients connect to the second CSS server when server1 dies! A few options are NLB and DNS RR. After alot of testing I think that DNS RR is best. Your clients should resolve a virtual name (say "array1"). In DNS, create two A records for "array1" and give one the ip address of server1, and the other the IP address of server2. This way, when server1 dies, web proxy clients (after about 5 seconds) connect to server2. Firewall clients just normally need to restart their winsock app. NLB may take this restart issue away, but Tom has said that you can get issues with NLB and FW clients.
I was thinking in terms of putting the CSS on a box that isn't a member of the firewall array. That's what I always do for non-cash strapped orgs. Works nicely!