LifeKeeper places certain restraints on your Internet server configurations. These restrictions will ensure that the standby web server/site can successfully and completely replace the active web server/site.
IIS Required Roles and Role Services and Features
LifeKeeper interfaces to IIS require the following roles, role services and features to be installed on the server:
Roles:
- Web Server (IIS)
Role Services:
- IIS Management Console
- FTP Server (If protecting FTP Sites)
- FTP Service
Features:
- SMTP Server (If protecting SMTP sites)
IIS Active Active
IIS allows multiple Web and FTP sites and SMTP virtual servers to run on each server in a cluster. Only a single instance of the IIS software is allowed (or required) on a given system. The Web sites, FTP sites and SMTP virtual servers can be protected and managed individually by LifeKeeper.Subsequent descriptions may use the term “site” to refer generically to a Website, FTP site or SMTP virtual server.
The figure below illustrates a typical configuration of web servers.
In this configuration, each server has two Web sites: one primary and one backup Web site. Server 1 has the primary instance of WebSite1 and the backup instance of WebSite2. Server 2 has the reciprocal configuration:a primary instance of WebSite2 and a backup instance of WebSite1. Only the primary instances of the Web sites actually service incoming user requests on any given server.
In addition, Server 1 has the primary instance of an FTP site named FTP site and the backup instance of the SMTP virtual server named SMTPvs, while Server2 has the backup instance of the FTP site and the primary instance of the SMTP virtual server.
If a primary Web site stops servicing user requests, LifeKeeper activates the backup instance on the backup server to resume service there. Thus, if WebSite1 on Server 1 fails, then LifeKeeper activates the backup instance of WebSite1 on Server 2. After the switchover, there will be two active instances running on Server 2. Once the problem with the failed web server is corrected, you may switch service back to Server 1. The LifeKeeper Microsoft IIS Recovery Kit allows you to manually switch service back or take advantage of the LifeKeeper automatic switchback feature.
Default Web Site or New Web Site
The Default Web Site created by the IIS installation process may be protected by LifeKeeper with one minor configuration change. The Default WebSite must be reconfigured to use a LifeKeeper protected IP address for the site.
LifeKeeper can also protect new Web Sites that have been configured to use a LifeKeeper protected IP address for the site.
Primary and Backup Designations
The server where the active site is created will be the primary LifeKeeper server for this Web site. The server where the standby site is created will be the backup server for this site. Keep in mind that the designations “primary”and “backup” server change for each site you are configuring.
Naming Restrictions
In order to receive LifeKeeper protection, you should adhere to the following rules for site name (which is entered in the Description field of the IIS console):
- Use only alphanumeric characters and dashes (should NOT contain spaces).
- If you need to change the name (description) of a protected Web Site, first delete the LifeKeeper IIS resource, then change the description, and recreate the resource.
Identical Primary/Backup Web Sites
For each primary IIS site, you must create an identical backup IIS site on the other server. These two servers must be connected by a LifeKeeper heartbeat. In order for the primary and backup sites to be identical, the following criteria must be met:
- The site names entered in the Description field of the Properties form must be identical, including using the same case.
- The switchable IP addresses, port, and header assigned to the sites in the Properties form must be identical. However, when used in combination with an IP address resource that protects the real IP, you can configure different IP addresses for the primary and backup IIS sites.
- If using a shared or replicated volume for your web or FTP content, the drive letter and folder of the volume you assign in the Home Directory Path must be identical.
- If you configure multiple backup sites for a particular Web site, then you must configure the other Web sites with the same identities; that is, the primary and backup Web sites must contain the same IP addresses, ports, and headers. However, when used in combination with an IP address resource that protects the real IP, you can configure a different IP address for each backup site.
- If you configure SSL as available on one Web site, then you must configure SSL on the other Web site as well. Additional limitations apply to secure Web sites. See the following section for details.
Configuring SSL-configured websites
Websites that use SSL (Secure Socket Layers) for communication improve security because the data sent and received are encrypted, and because the web client and the web server can identify one another. SSL-configured websites use https: rather than http: in their URL. The default port number is 443.
With regards to the LifeKeeper Microsoft IIS Recovery Kit and LifeKeeper,there is no difference in running a SSL-configured website and non SSL-configured website. In fact, IIS allows the same Web site to have both a TCP port and SSL port. There is no change in the startup or operational procedures. Therefore, after a key is generated and a corresponding digital certificate is installed in IIS, you may configure and run with SSL ports.
IIS Configuration
The following configuration rules must be followed to ensure LifeKeeper protection:
IIS sites that do not have IP addresses specified in the “IPAddress” field of the Properties or Bindings form cannot be protected.
If using a shared or replicated volume for your web content, the Home Directory should be specified as “A directory located on this computer”. LifeKeeper will not be able to protect the Home Directory if specified as either of the following:
a share located on another computer
a redirection to a URL
a volume that is not protected by LifeKeeper
Document Content Location
Shared and Replicated Content Storage
If the content volume is on a shared or replicated volume, both Web sites must point to the same shared or replicated volume and folder. The primary and backup servers must contain the same content files for the active and standby web servers/sites to be identical. However, if the content volume is not shared or replicated, the content may come from any location on either system.
To ensure data availability on a failover we suggest that you configure the Home Directory on the primary server as a folder on a shared or replicated disk and configure the Home Directory on the backup server identical to the primary server. You then have only one copy of the content files to maintain.
Non-Shared Storage
If your configuration does not utilize shared storage, then the content must be synchronized between local volumes on each server. While the LifeKeeper Microsoft IIS Recovery Kit does not contain any specific features to synchronize the content between two servers, the following are a few suggestions:
- Use SIOS DataKeeper to automatically replicate the data volumes on each active server to the standby server(s).
- Use a content replication tool such as Microsoft Site Server 3.0. You can also use the utility Robocopy as a content replication tool. Microsoft Site Server is the preferred solution.
- If you have a tape backup system, make a tape backup of the files on the primary server, and then restore them to the backup server, as needed.
Use Different Volume for Multiple IIS Sites
When the LifeKeeper Microsoft IIS Recovery Kit creates an IIS resource hierarchy, it creates dependencies associated with the IP address and content volume using the home directory path designated in the IIS configuration. Were commend that if you protect multiple sites, then you should designate DIFFERENT IP addresses and volumes for each site.
For example, the hierarchy shown below shows both MyFTPSite and MyWebSite utilizing the same IP address and different volume resources. Any maintenance done on one site will affect the other site since these have common IP resource dependency.
Bringing MyFTPSite In Service on the backup server will also move its dependencies to the backup server. This causes MyWebSite to be taken out of service on the primary server. You would then need to manually bring MyWebSite In Service on the backup server.
Assigning DIFFERENT IP addresses and volumes to each protected IIS site will give you more flexibility in managing your resources by NOT tying their recovery actions together. However, you may prefer to have them grouped as shown above.
Use with IP Address Resources that Protect the Real IP
When using the LifeKeeper Microsoft IIS Recovery Kit with an IP address resource that protects the real IP (introduced in LifeKeeper for Windows version 8.10.0), the primary server and backup server must have different IP addresses in IIS for the primary and backup servers. Starting from LifeKeeper for Windows version 8.10.1, the LifeKeeper Microsoft IIS Recovery Kit no longer checks whether the IP addresses configured on the primary and backup server IIS sites match when combined with an IP address resource that protects the real IP. This eliminates the need for the special procedure formerly required in LifeKeeper for Windows version 8.10.0.
Post your comment on this topic.