LifeKeeper places certain restraints on your Internet server configurations. These restrictions will ensure that the standby web server/site can successfully and completely replace the active web server/site.
Default Web Site or New Web Site
The Default Web Site created by the IIS installation process may be protected by LifeKeeper with one minor configuration change. The Default WebSite must be reconfigured to use a LifeKeeper protected IP address for the site.
LifeKeeper can also protect new Web Sites that have been configured to use a LifeKeeper protected IP address for the site.
Primary and Backup Designations
The server where the active site is created will be the primary LifeKeeper server for this Web site. The server where the standby site is created will be the backup server for this site. Keep in mind that the designations “primary”and “backup” server change for each site you are configuring.
In order to receive LifeKeeper protection, you should adhere to the following rules for site name (which is entered in the Description field of the IIS console):
- Use only alphanumeric characters and dashes (should NOT contain spaces).
- If you need to change the name (description) of a protected Web Site, first delete the LifeKeeper IIS resource, then change the description, and recreate the resource.
Identical Primary/Backup Web Sites
For each primary IIS site, you must create an identical backup IIS site on the other server. These two servers must be connected by a LifeKeeper heartbeat. In order for the primary and backup sites to be identical, the following criteria must be met:
- The site names entered in the Description field of the Properties form must be identical, including using the same case.
- The switchable IP addresses, port, and header assigned to the sites in the Properties form must be identical.
- If using a shared or replicated volume for your web or FTP content, the drive letter and folder of the volume you assign in the Home Directory Path must be identical.
- If you configure multiple backup sites for a particular Web site, then you must configure the other Web sites with the same identities; that is, the primary and backup Web sites must contain the same IP addresses, ports, and headers.
- If you configure one Web site as a secure Web site, then you must configure the other Web site as a secure Web site. Additional limitations apply to secure Web sites. See the following section for details.
Configuring Secure Servers
A secure server is a web server that uses Secure Socket Layers (SSL) for communication. Security is improved because the data sent and received are encrypted, and because the web client and the web server can identify one another. Secure servers use https: rather than http: in their URL. The default port number for a secure server is 443.
With regards to the LifeKeeper Microsoft IIS Recovery Kit and LifeKeeper,there is no difference in running a secure IIS Web site. In fact, IIS allows the same Web site to have both a TCP port and SSL port. There is no change in the startup or operational procedures. Therefore, after a key is generated and a corresponding digital certificate is installed in IIS, you may configure and run with SSL ports.
The following configuration rules must be followed to ensure LifeKeeper protection:
IIS sites that do not have IP addresses specified in the “IPAddress” field of the Properties or Bindings form cannot be protected.
If using a shared or replicated volume for your web content, the Home Directory should be specified as “A directory located on this computer”. LifeKeeper will not be able to protect the Home Directory if specified as either of the following:
a share located on another computer
a redirection to a URL
a volume that is not protected by LifeKeeper
Document Content Location
Shared and Replicated Content Storage
If the content volume is on a shared or replicated volume, both Web sites must point to the same shared or replicated volume and folder. The primary and backup servers must contain the same content files for the active and standby web servers/sites to be identical. However, if the content volume is not shared or replicated, the content may come from any location on either system.
To ensure data availability on a failover we suggest that you configure the Home Directory on the primary server as a folder on a shared or replicated disk and configure the Home Directory on the backup server identical to the primary server. You then have only one copy of the content files to maintain.
If your configuration does not utilize shared storage, then the content must be synchronized between local volumes on each server. While the LifeKeeper Microsoft IIS Recovery Kit does not contain any specific features to synchronize the content between two servers, the following are a few suggestions:
- Use SIOS DataKeeper to automatically replicate the data volumes on each active server to the standby server(s).
- Use a content replication tool such as Microsoft Site Server 3.0. You can also use the utility Robocopy as a content replication tool. Microsoft Site Server is the preferred solution.
- If you have a tape backup system, make a tape backup of the files on the primary server, and then restore them to the backup server, as needed.
Use Different Volume for Multiple IIS Sites
When the LifeKeeper Microsoft IIS Recovery Kit creates an IIS resource hierarchy, it creates dependencies associated with the IP address and content volume using the home directory path designated in the IIS configuration. Were commend that if you protect multiple sites, then you should designate DIFFERENT IP addresses and volumes for each site.
For example, the hierarchy shown below shows both MyFTPSite and MyWebSite utilizing the same IP address and different volume resources. Any maintenance done on one site will affect the other site since these have common IP resource dependency.
Bringing MyFTPSite In Service on the backup server will also move its dependencies to the backup server. This causes MyWebSite to be taken out of service on the primary server. You would then need to manually bring MyWebSite In Service on the backup server.
Assigning DIFFERENT IP addresses and volumes to each protected IIS site will give you more flexibility in managing your resources by NOT tying their recovery actions together. However, you may prefer to have them grouped as shown above.