When defining an array, one is required to give it a DNS name. Should this DNS name resolve to the IP address of one of the servers in the array, or is there an assumption that NLB is being used and the defined name will resolve to a VIP?
Can NLB be enabled prior to adding the second server to the array, and will the added server pick up the settings, including enabling NLB and adding the VIPs to the NIC?
When initially enabling NLB, it asks for the "Primary VIP". Is this something other than just the first IP address to be load balanced (i.e. bullet #1)? Should it not be used to publish sites and services?
From: United Kingdom
In my experience, the array DNS name is just a virtual name for the array. Of all the ISA client types, I think this parameter is only actually consumed by the firewall client when you use the automatic detection facility.
If you are sticking to MS best practice, it is recommended to use DNS round robin for firewall clients as they don't play well with NLB. Hence the array DNS name would be a virtual DNS name which provides the dedicated IP addresses of all array members, defined in a round robin fashion.
I am not 100% sure on this, so I would be keen on comments from other forum members here...
Yep - this is the ideal scenario if starting with a single server setup and makes adding the new array member a breeze.
The primary VIP is the first load balancing IP address that is shared between array members. Normally the primary VIPs become the default gateways in each ISA network.
I tend to leave the primary VIP as a routing/gateway VIP and then use additional VIPs for publishing needs. There is no technical reason for this, it just keeps things more logical to me and normally makes it easier for the networking guys to understand.
RE: the array name for the FWCs, that's how I understand the recommendations too. Only SecureNAT clients are fully supported for NLB. Then you can use client-side CARP for the Web Proxy clients and DNS RR for the FWCs.