Designing for High Availability


Before deploying ISA Server, estimate your Internet connectivity requirements. Use the following sections as guidelines for planning the size and type of your servers, and whether to deploy them as an array. Figure 5.8 shows the process for designing for high availability.

click to expand
Figure 5.8: Designing for High Availability

Performing Capacity Planning

The flowchart in Figure 5.9 outlines the capacity planning process for ISA Server.

click to expand
Figure 5.9: ISA Server Capacity Planning Process

Use the following guidelines for capacity planning:

  • Ensure the minimum hardware requirements deploying ISA Server are met.

  • Decide whether to install ISA Server as a firewall. If yes, ensure that the minimum firewall requirements are met.

  • Decide whether or not to install ISA Server as a Web cache server. If yes, ensure that the minimum hardware requirements are met.

The following list describes the minimum hardware requirements for installing ISA Server:

  • A computer with a 300 megahertz (MHz) or higher Pentium 11-compatible CPU.

  • The computer must be running either a member of the Windows 2000 Server family, or a member of the Windows Server 2003 family. If you are installing ISA Server on a computer running Windows Server 2003, you must also install ISA Server SP1.

    Note

    Using the latest service pack is always recommended.

  • 256 megabytes (MB) of memory.

  • 20 MB of available hard disk space.

  • A network adapter to communicate with the internal network.

  • One local hard disk partition that is formatted with the NTFS file system.

  • To implement the array and enterprise-level policy configuration, you must also run Active Directory.

  • If you are using ISA Server in firewall or integrated mode, two network adapters are required.

  • If your ISA Server is also supporting other services, such as e-mail or Web services, additional resources might be required.

Use Table 5.3 to determine the type of computers to use and whether you require an array.

Table 5.3: Hardware Requirements for Different Network Loads

Hits per Second

Minimum Hardware Required

RAM

Less than 500

One computer, Pentium II, 300 MHz processor

256 MB

500 to 900

One computer, Pentium III, 550 MHz processor

256MB

More than 900

One computer, Pentium III, 550 MHz processor, for each 800 hits per second increment

256 MB per server

Note

You can also use Performance Monitor to identify bottlenecks and determine whether to add more servers.

If multiple computers are required to handle the network load, consider setting up an array of ISA Server-based computers. Arrays allow Web cache routing across a group of ISA Server-based computers. For more information, see "Configuring ISA Server in an Array" later in this chapter.

Firewall Requirements

Table 5.4 lists hardware requirements and network connections based on expected throughput for firewall clients accessing content on the Internet.

Table 5.4: Hardware Requirements for Firewall

Throughput Requirements

Minimum Hardware Required

Internet Connection Type

36 Kilobits per second (Kbps) to 1 Megabits per second (Mbps)

One computer, Pentium II, 300 MHz processor

POTS modem, cable modem, or xDSL

384 Kbps to 1.5 Megabits per second (Mbps)

One computer, Pentium II, 300 MHz processor

T1

3 Mbps - 44 Mbps

One computer, Pentium III, 550 MHz processor

T3 or faster

More than 44 Mbps

One computer, Pentium III, 550 MHz, for each 50 MB/second required

OC3 or faster

Forward Caching Requirements

You can deploy ISA Server as a forward-caching server, which maintains a centralized cache of frequently-requested Internet content. In this case, consider how many users might access the Internet.

Table 5.5 lists the hardware requirements for using ISA Server in forward cache mode.

Table 5.5: Hardware Requirements for Forward Caching

Internet Users

Minimum Hardware Required

RAM

Disk Space for Caching

Up to 500

One computer, Pentium II, 300 MHz processor

256 MB

2-4 Gigabytes (GB)

500-1,000

One computer, two Pentium III, 550 MHz processors

256 MB

10 GB

More than 1,000

Two computers, Pentium III, 550 MHz processors

256 MB for each server

10 GB for each server

If your user-base exceeds 1,000 users, you can use hardware with faster processors and more memory, or you can add more ISA Server installations.

Reverse Caching Requirements

You can deploy ISA Server as a reverse-caching server to fulfill Web requests from the Internet to your network. For example, you might place an ISA Server computer between the Internet and an organization's Web server that is hosting a commercial Web business or providing access to business partners. In that case, you need to consider how often external clients might request content from the publishing servers.

Table 5.6 lists hardware requirements for ISA Server in reverse cache mode, based on the number of hits per second from Internet users.

Table 5.6: Hardware Requirements for Reverse Caching

Hits Per Second

Minimum Hardware Required

Fewer than 100

One computer, Pentium II, 300 MHz processor

101 to 250

One computer, Pentium III, 450 MHz processor

More than 250

One computer, Pentium III, 550 MHz processor for each 250 hits per second. You can use Performance Monitor to determine bottlenecks, and then add more servers or more powerful hardware, as necessary.

Memory requirements depend on the size of the cacheable content that you are publishing, and the working set of the content. Ideally, all cacheable content should fit into the available memory. By default, the ISA Web Proxy service uses half of the available server memory for RAM caching. For example, if the Web site you are publishing has 250 MB of cacheable content, then your ISA server computer should have at least twice this much available RAM before the Web Proxy service starts.

Adding Computers

In some cases, you need to decide whether to add an additional ISA Server-based computer or to improve the performance of the existing computer by adding an additional processor. Each option has different advantages.

When you add a new computer and create an array of ISA Server-based computers, you set up a fault-tolerant system. If one computer fails, the other continues to function. On the other hand, adding a computer means that you have to purchase and manage additional hardware and any software that is installed on the computer.

Designing for Scalability

When designing for scalability, consider differences between Microsoft Internet Security and Acceleration (ISA) Server Standard Edition and Microsoft Internet Security and Acceleration (ISA) Server Enterprise Edition, such as:

  • ISA Server Standard Edition supports only a single computer configuration, and therefore, cannot be used in an array.

  • ISA Server Enterprise Edition can be configured either in a single computer configuration or in an array.

Configuring ISA Server in an Array

Computers running ISA Server Enterprise Edition can be grouped together in arrays. An array is a group of ISA Server-based computers used to perform Web cache routing. Arrays allow a group of ISA Server-based computers to be treated and managed as a single, logical entity. An array installation also provides increased performance and bandwidth savings. Grouping your ISA Server-based computers in an array allows your client requests to be distributed among multiple servers, thereby improving response time for clients.

All the servers in an array share a common configuration. This saves management time because the array is configured once and the configuration is applied to all the servers in the array. Furthermore, you can apply an enterprise policy to an array. This allows centralized management for all the arrays in the enterprise. A unique array policy can be applied to each array in the enterprise.

It is recommended that you consider installing ISA Server as an array even if there is only one server. The advantages to this include the ability to easily add an additional server to the array in the future and the ability to use the advanced array management features.

Note

All array members must be in the same domain and in the same site.

Table 5.7 compares ISA Server features as a stand-alone server and in an array configuration.

Table 5.7: Comparing Features of ISA Server as a Stand-Alone Server or as an Array

ISA Server Stand-Alone Server

ISA Server Array

Can be installed in a Windows NT 4.0 domain.

Requires Active Directory.

Cannot use array or enterprise policies.

Uses both enterprise- and array-level policies.

Installs from either ISA Server Standard or ISA Server Enterprise Edition.

Installs from ISA Server Enterprise Edition only.

ISA Server and DNS Round Robin

Firewall and Web proxy clients can achieve fault tolerance when two or more computers running ISA Server are used together with a Domain Name System (DNS) server.

You can use DNS to assign the same name to all the ISA Server-based computers in a cluster. With this configuration, when a client requests an object from the ISA Server-based computer specifying the DNS name, the DNS server resolves the name to one of the computers running ISA Server in the array in a round robin fashion. This increases fault tolerance through redundancy and improves performance through the use of multiple computers answering client requests.

Note

For DNS round robin to work for an ISA array, the duplicated resource records must all use the array name.

Figure 5.10 shows the DNS server receiving a request from the clients and forwarding the request to the computers running ISA Server in a round-robin configuration.


Figure 5.10: DNS Round Robin




Microsoft Corporation Microsoft Windows Server 2003 Deployment Kit(c) Deploying Network Services 2003
Microsoft Corporation Microsoft Windows Server 2003 Deployment Kit(c) Deploying Network Services 2003
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 146

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net