Hello Tarun,
Find out your details within the details given below:
Disabling Unnecessary Bindings on the Internet Connected Interfaces
Role that performs this task: Firewall Administrator
Unnecessary bindings are removed to minimize the possibility of network attacks. There is no reason any binding other than those listed in this task should exist. To remove bindings:
1. Open Network Connections.
2. Right-click External Interface(s) and select Properties.
3. In the General tab of Properties, clear all bindings except the following:
   • TCP/IP Protocol
   • HP Network Teaming and Configuration
Ensuring No Domain Membership
Role that performs this task: Firewall Administrator
Firewall servers that are directly connected to the Internet are standalone servers, to preserve the integrity of the service in the event one of the physical servers is compromised. Ensure that both firewall servers are not a member of any domain.
Installing ISA Server for Firewalls
Role that performs this task: Firewall Administrator
The following instructions detail the setup and configuration of ISA Server.
Once the pre-installation configuration tasks are completed, the actual ISA Server installation can begin. Perform the following steps on each firewall server.
1. Insert the ISA Server CD or run ISAAutorun.exe from the source location.
2. Click Install ISA Server at the ISA Server Setup menu.
3. A message will display advising ISA Service Pack 1 is required to run on Windows Server 2003. Click Continue.
4. At the Microsoft ISA Server (Enterprise Edition) Setup screen click Continue.
5. When prompted, enter the CD key information and click OK to continue.
6. In the next dialog box, note the Product ID and click OK to continue.
7. At the licensing screen, review the terms of the licensing agreement. To accept the terms and continue, click I Agree.
8. When prompted to select installation type, click Custom Installation.
9. Ensure Add-in services are deselected in the Options window.
10. Since this machine is not part of any domain it will prompt with the following message. “This computer cannot join an array until it is part of Windows 2000 domain...” “Do you want to continue?” Choose Yes.
11. In the Server Mode Selection dialog box, select Integrated mode and click Continue.
12. At the Cache Definition screen, place the cache on the D: partition and set its size to 30MB.
13. In the Internal IP ranges dialog box click Construct Table.
14. Select only the first box. Add the following private ranges: 10.x.x.x, 192.168.x.x, 172.16.x.x-172.31.x.x and 169.254.x.x. Then click OK.
15. Click OK in the Internal IP ranges dialog box after verifying correct data has been entered.
16. A prompt stating that “‘ISA 2000’ will cause Windows to become unstable...” will display. Click X to close the message.
17. After successful installation, a prompt will display that asks about launching the ISA Getting Started wizard. Clear the box and click OK to proceed.
18. Click OK to complete the ISA installation wizard.
Note: A message will display stating that one or more services failed because ISA Service Pack 1 is not installed. After ISA Server has finished being installed, be sure to install ISA Service Pack 1.
ISA Server Post-Installation Configuration
Perform the post-installation tasks in this section to complete the configuration of ISA Server.
Installing ISA Server Service Packs and Hot Fixes
Role that performs this task: Firewall Administrator
Service Pack 1 is required to run ISA Server 2000 on a server that is running the Windows Server 2003 operating system. ISA Server will install properly but will disable all services until Service Pack 1 is installed. Additional hotfixes and the ISA Server feature pack need to be installed in the order specified at:
http://www.microsoft.com/isaserver/downloads/
Install Service Pack 1 and additional hotfixes on both firewall servers.
Setting Policy Permissions on the Firewall Servers
Role that performs this task: Firewall Administrator
Perform the following steps on both firewall servers.
1. Open the ISA Server MMC.
2. Right-click the server name, select Properties, click the Security tab.
3. Click Advanced and clear Allow permissions from the parent to propagate to this object.
4. Click OK and choose to Copy permissions.
5. Click Add, select Firewall Administrators and Firewall Auditors groups, and then click OK.
6. Give the local Firewall Administrators group full control.
7. Give the Firewall Auditors group read rights.
8. Change the rights of the Administrators group by removing Full Control and only leaving Read permissions. Do not modify the Authenticated Users or System permissions.
9. Click OK to accept changes.
Installing the AXL300 SSL Accelerator
Role that performs this task: Firewall Administrator
The following instructions detail the install of the AXL300 PCI SSL accelerator driver. Perform the following steps on both firewall servers.
1. Insert the AXL300 CD into the system CD drive.
2. Click Start and select Settings and then Control Panel. In the Control Panel dialog box, double-click Add/Remove Programs.
3. Select Add New Programs.
4. Click the CD or Floppy button to add the AXL300 software from the CD.
5. The Install Program dialog box will display. Click Next.
6. Type the path: <CDdrive>:\Win2K\Setup.exe and then click Finish.
7. The Setup dialog box will display while the Install Shield loads.
8. At the Welcome dialog box for installing the AXL300 (Hardware Accelerator) software click Next.
9. Review the terms of the licensing agreement; to accept them and continue click Yes.
10. Click Next. Verify the content of the User Information dialog box; if it is correct, click Next.
11. Verify the Destination Directory in the Choose Destination Location dialog box. When the correct directory is displayed click Next.
12. Verify the Program Folder in the dialog box. When the correct folder is displayed click Next.
13. Verify the information in the Start Copying Files dialog box and make sure it is correct. Click Next.
14. The install shield will copy the files. When the installation is finished, close the Add/Remove Programs dialog box.
15. Close the Control Panel and then reboot the system.
Configuring Network Load Balancing for the CPSI Network Adapters
Role that performs this task: Firewall Administrator
Part 1: Capture the Unicast MAC Address to configure the NIC Team for Network Load Balancing.
1. Log on to FFL-SA-FWP-01.
2. Open Network Connections.
3. Right-click the connection for the VLAN-CPSI-TEAM and select Properties.
4. In the VLAN-CPSI-TEAM Properties dialog box, select Network Load Balancing and then click Properties.
5. Enter the IP address and Subnet Mask for the fwp.contoso.com virtual IP address from the "NLB Cluster Configuration" worksheet in the ConfigurationMatrix.xls file.
6. Open Notepad and record the network MAC address exactly as it appears on the dialog.
7. Click Cancel, and Cancel again to close the VLAN-CPSI-TEAM Properties dialog box.
8. Open the HP Network Teaming and Configuration Properties.
9. Select the VLAN-CPSI-TEAM interface and select Properties.
10. Click the Settings tab.
11. Type the recorded network MAC address from Notepad into the Team Network Address box and click OK.
12. Click OK in the HP Network Teaming and Configuration window.
13. When complete, a message will display stating All configuration changes were made successfully.
Part 2: Configure the Network Load Balancing cluster.
1. Log on to FFL-SA-FWP-01, which will be the first server in the cluster.
2. Open Network Load Balancing Manager from the Administrative Tools menu located in the Control Panel.
3. Select Cluster, and then New.
4. Enter into the IP Address field the IP address for the fwp.contoso.com virtual IP address from the "NLB Cluster Configuration" worksheet in the ConfigurationMatrix.xls file.
5. Enter the IP address, Subnet Mask and the fully qualified domain name for the fwp.contoso.com virtual IP address from the "NLB Cluster Configuration" worksheet in the ConfigurationMatrix.xls file.
6. Click Next.
7. Since there will only be one cluster IP address, click Next to move past the dialog box for adding additional cluster IP addresses.
8. Click Next again to move past the dialog box for entering port filter rules.
9. Enter the VLAN-CPSI-TEAM IP address of FFL-SA-FWP-01 firewall server into the Host field. Click Connect.
10. Select the interface with the IP address of the VLAN-CPSI-TEAM interface in the Interfaces available to configure on new cluster screen. Click Next.
11. Click Finish.
12. Right-click the new cluster and select Add Host.
13. Enter the VLAN-CPSI-TEAM IP address of FFL-SA-FWP-02 firewall server into the Host field. Then click Connect.
14. Select the interface with the IP address of the VLAN-CPSI-TEAM interface in the Interfaces available to configure on new cluster screen. Click Next.
15. Click Finish.
Note: The NLB manager will then automatically configure the NIC Teaming and Network Load Balancing settings on both servers. This process may take up to 45 seconds to complete.
16. Verify that the log entry shows that the Cluster configuration is finished.
17. On the peer firewall server, open the HP NIC Teaming and Configuration applet. Click OK to accept the information message that appears. A configuration update will take place. When complete, a message will display stating All configuration changes were made successfully.
Configuring Network Load Balancing for the CPFI Network Adapters
Role that performs this task: Firewall Administrator
Part 1: Capture the Unicast MAC Address to configure the NIC Team for Network Load Balancing
1. Log on to FFL-SA-FWP-01.
2. Open Network Connections.
3. Right-click the connection for the VLAN-CPFI-TEAM and select Properties.
4. In the VLAN-CPFI-TEAM Properties dialog box select Network Load Balancing and then click Properties.
5. Enter the IP address and Subnet Mask for the safwp.contoso.com virtual IP address from the "NLB Cluster Configuration" worksheet in the ConfigurationMatrix.xls file.
6. Open Notepad and record the network MAC address exactly as it appears on the dialog.
7. Click Cancel, and Cancel again to close the VLAN-CPFI-TEAM Properties dialog box.
8. Open the HP Network Teaming and Configuration Properties.
9. Select the VLAN-CPFI-TEAM interface and select Properties.
10. Click the Settings tab.
11. Type the recorded network MAC address from Notepad into the Team Network Address box and click OK.
12. Click OK in the HP Network Teaming and Configuration window.
13. When complete, a message will display stating All configuration changes were made successfully.
Part 2: Configure the Network Load Balancing Cluster
1. Log on to FFL-SA-FWP-01, which will be the first server in the cluster.
2. Open Network Load Balancing Manager from the Administrative Tools menu located in the Control Panel.
3. Select Cluster, and then New.
4. Enter into the IP Address field the IP address for the safwp.contoso.com virtual IP address from the "NLB Cluster Configuration" worksheet in the ConfigurationMatrix.xls file.
5. Enter the IP address, Subnet Mask and the fully qualified domain name for the safwp.contoso.com virtual IP address from the "NLB Cluster Configuration" worksheet in the ConfigurationMatrix.xls file.
6. Click Next.
7. Add the second NLB IP address from the "Additional Virtual IPs" column for the safwp.contoso.com entry from the "NLB Cluster Configuration" worksheet in the ConfigurationMatrix.xls file. Click Next.
8. Click Next again to move past the dialog box for entering port filter rules.
9. Enter the VLAN-CPFI-TEAM IP address of FFL-SA-FWP-01 firewall server into the Host field. Click Connect.
10. Select the interface with the IP address of the VLAN-CPFI-TEAM interface in the Interfaces available to configure on new cluster screen. Click Next.
11. Click Finish.
12. Right-click the new cluster and select Add Host.
13. Enter the VLAN-CPFI-TEAM IP address of FFL-SA-FWP-02 firewall server into the Host field. Then click Connect.
14. Select the interface with the IP address of the VLAN-CPFI-TEAM interface in the Interfaces available to configure on new cluster screen. Click Next.
15. Click Finish.
Note: The NLB manager will then automatically configure the NIC Teaming and Network Load Balancing settings on both servers. This process may take up to 45 seconds to complete.
16. Verify that the log entry shows that the Cluster configuration is finished.
17. On the peer firewall server, open the HP NIC Teaming and Configuration applet. Click OK to accept the information message that appears. A configuration update will take place. When complete, a message will display stating All configuration changes were made successfully.
Modify the Local HOSTS file on the Firewall Servers
Role that performs this task: Firewall Administrator
1. At a command prompt, type notepad C:\Windows\System32\drivers\etc\hosts and press Enter.
2. Enter the following host entries on each firewall server:
   192.168.17.170 dp1.pki.contoso.com
   192.168.17.170 dp2.pki.contoso.com
3. Enter the following additional information in the host file of FFL-SA-FWP-01 ONLY:
   10.100.100.77 FFL-SA-FWP-02
4. Enter the following additional information in the host file of FFL-SA-FWP-02 ONLY:
   10.100.100.76 FFL-SA-FWP-01
5. Save the file and close the Notepad application.
On Wed, 05 Dec 2007 Tarun sharma wrote :
>
>hello everybody,
>plz let me know if anybody knows about teaming in windows
>clustering. how it can be enabled
>and disabled too.
>
>thanks n regards,
>Tarun sharma
>
>>
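Added example, not part of the original e-mail: a check for step 14 of the ISA Server installation above, where the Internal IP ranges table is supposed to hold only 10.x.x.x, 172.16.x.x-172.31.x.x, 192.168.x.x and 169.254.x.x. ISA Server treats every address in that table as internal, so a range that runs past private space matters as much as a missing one. The "start-end" string form of the table, the sample entries and the function names are assumptions made for this illustration.

```python
import ipaddress

# Private and link-local space listed in step 14 of the ISA Server installation.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample: the second range runs one /16 too far, 169.254.x.x is absent.
SAMPLE_TABLE = [
    "10.0.0.0-10.255.255.255",
    "172.16.0.0-172.32.255.255",
    "192.168.0.0-192.168.255.255",
]

def to_blocks(text):
    """Turn a 'start-end' range into the CIDR blocks that cover it exactly."""
    start, _, end = text.partition("-")
    lo = ipaddress.IPv4Address(start.strip())
    hi = ipaddress.IPv4Address(end.strip())
    return list(ipaddress.summarize_address_range(lo, hi))

def audit_internal_ranges(entries):
    """Return findings as (kind, subject, detail) tuples; an empty list is clean."""
    findings, accepted = [], []
    for text in entries:
        try:
            blocks = to_blocks(text)
        except ValueError as exc:  # malformed address, or end before start
            findings.append(("invalid", text, [str(exc)]))
            continue
        # CIDR blocks are either nested or disjoint, so subnet_of is sufficient.
        outside = [str(b) for b in blocks
                   if not any(b.subnet_of(a) for a in ALLOWED)]
        if outside:
            findings.append(("outside-private", text, outside))
        accepted.extend(blocks)
    # Merge adjacent entries so a private block split across rows still counts.
    merged = list(ipaddress.collapse_addresses(accepted))
    for net in ALLOWED:
        if not any(net.subnet_of(m) for m in merged):
            findings.append(("missing", str(net), []))
    return findings

if __name__ == "__main__":
    for finding in audit_internal_ranges(SAMPLE_TABLE):
        print(finding)
```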