Load Balancing and Failover

Top  Previous  Next

 

mSuite can be configured to provide a resilient solution that will distribute load between systems and automatically redirect traffic if one of the systems fails.  The most important consideration in implementing a resilient system is to ensure that there are no single points of failure.

 

All resilient configurations need the configuration database to be implemented using a high availability database strategy, see http://www.microsoft.com/sqlserver/2008/en/us/high-availability.aspx for an overview of the options that are available and their impact on reliability.

 

Once you have the database working in a high availability mode, there are different strategies for building a resilient system using mSuite depending on whether you are configured to use the Internet Proxy (CSC) or a DMZ or Local Proxy.

       Load balancing and failover using the CSC

This is the simplest method of achieving a resilient solution.  CommonTime's CSC will automatically distribute load and failover between multiple mSuite installations that are sharing the same configuration database.

To add this capability to your mSuite installation, you just need to install a second instance of mSuite on another machine, this installation must use the same security certificate as the original installation and the same configuration database.

To scale the solution or add further resilience, just add more mSuite servers that conform to the same requirements.

 

       Load balancing and fail over using a DMZ or Local Proxy

If you are using a DMZ proxy or Local proxy, you will need multiple mSuite installations that are sharing a configuration database and using the same security certificate.  You will also need one DMZ or Local proxy for each mSuite installation.

There are two methods of distributing load and failing over in this scenario:

1.Network Load Balancing - this can be achieved though the software capabilities of Windows Server 2003 and Windows Server 2008 or by using specialized hardware solutions.  The Windows Network Load Balancer (NLB) presents one external address to devices making a connection and then distributes the load between the DMZ (or Local) proxy external listener addresses.  The proxy then directs traffic to the mSuite installation that it is configured to communicate with.  If one of the mSuite installations fails, incoming connections are directed to the remaining operational system(s).
2.Round Robin DNS and multiple proxy listeners.  In this approach, each DMZ or Local proxy is published through the external firewall and a Round Robin DNS entry made to give the same hostname to the multiple proxy listeners.  The mSuite client on the mobile device randomizes the connection address from the list returned by the DNS lookup.  If the connection fails, the client will try the next address from the address list.  From mSuite 5.07, proxy to proxy load balancing and failover has been added to this architecture - see below.

See also: http://en.wikipedia.org/wiki/Round_robin_DNS

 

       Proxy client redirection

What is Proxy Client Redirection?

Version 5.07 and later supports a mechanism that solves a problem that occurs if an mSuite server fails but the DMZ Proxy is still available.  If this happens, the load balancer may well continue to direct traffic to the failed mSuite chain (Proxy + mSuite server).

If this happens, the client will now be redirected to the physical address of one of the proxies for a chain that is still operational.  The client will continue to connect to this chain until it next transitions back into Prime Time when it will return to the load balancer.  The following diagram illustrates this process.

 

 

       Configuration

Configuration of this capability is quite complex and involves registry settings on all of the proxies.

Proxy Server Registry Settings

Please contact support@commontime.com and we will provide you with a base registry configuration ProxyFailover.reg that you can add to each of the machines that are running a DMZ Proxy server at the head of an mSuite chain.  This registry file will add the following structure to the machine's registry, you must then edit the registry values that are shown in red bold.

 

 

Windows Registry Editor Version 5.00

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy]

"UseRegistry"=dword:00000001

This must be set to 1 or the Proxy will load its configuration from the mSuite repository rather than the registry values.

@=""

leave as set

"Redirector"=dword:00000000

leave as set

"SendKeepaliveIntervalSeconds"=dword:0000003c

leave as set

"ExpiryGraceMinutes"=dword:0000003c

leave as set

"SFUpdatePeriodSeconds"=dword:0000003c

leave as set

"UpdateIntervalSeconds"=dword:0000003c

leave as set

"BackendRetryConnectSeconds"=dword:0000003c

leave as set

"BackendRetryConfigureSeconds"=dword:0000003c

leave as set

"ThisSite"=dword:00000001

ThisSite will normally be left to 1 as most implementations will be single site.  This references an entry in the topology section later on.

"ThisProxy"=dword:00000001

ThisProxy will be a different value for each of the installed proxies 1,2,3 within the Site.  This references an entry in the topology section later on.

"State"=dword:00000000

leave as set

"LoadUpdateIntervalSeconds"=dword:0000003c

leave as set

"Clustered"=dword:00000001

leave as set

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\ExternalListeners]

@=""

leave as set

 

 

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\ExternalListeners\TCP]

"Address"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00

This are the addresses that this proxy will listen on for incoming connections from the device either directly via the outer firewall or via the load balancer.  It may be a single address or multiple addresses separated by commas.

"Port"=hex(7):30,00,00,00

These are the TCP ports that the proxy will listen on for incoming connections from the device either directly via the outer firewall or via the load balancer.  There needs to 1 port configured for each Address configured above, separate by commas.

@=""

leave as set

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\ExternalListeners\UDP]

"Address"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00

leave as set

"Port"=hex(7):30,00,00,00

leave as set

@=""

leave as set

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\General]

"MonitoringNetworks"=hex(7):00,00

leave as set

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\InternalListeners]

@=""

leave as set

 

 

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\InternalListeners\TCP]

"Port"=hex(7):31,00,36,00,35,00,30,00,00,00

List the ports that the proxy will listen on for connections from the CMS.  This is normally 1650.

"Address"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00

List the TCP/IP addresses that the proxy will use to listen for connections from the CMS on.  You can use multiple TCP/IP address, separate by commas.

@=""

leave as set

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\InternalListeners\UDP]

"Address"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00

All of the proxies that you have configured must be able to communicate with each other using both directed UDP datagrams and broadcast UDP datagrams. Specify a single IP address of present on the machine being configured capable of performing these communications. Do not leave this value as 0.0.0.0.

"Port"=hex(7):31,00,36,00,35,00,30,00,00,00

The port number used for the UDP communications between the proxies. The same value must be configured on each proxy with the site.

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\Topology]

The topology section is common to all of the proxies, each has the same information.  ThisSite and ThisProxy in [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy]tells each proxy installation which values to use from the table below

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\Topology\Sites]

 

 

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\Topology\Sites\Site 1]

 

The Site Name (Site 1) is not used in the configuration.  You can change it to something meaningful if it helps you understand the configuration at a later date.

"SiteID"=dword:00000001

We will not normally use multiple sites so this will normally be left at the default of 1

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\Topology\Sites\Site 1\AccessPoint]

"DeviceAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00

This is the IP address that the device will use to connect to the load balancer. This would normally be the address of the load balancer as published on the outer firewall. Specify only a single IP address,

"DevicePort"=hex(7):30,00,00,00

This is the port number that the device will use to make a TCP connection to a proxy via the load balancer. Specify only a single port number.

"BackendAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00

leave as set

"BackendPort"=hex(7):30,00,00,00

leave as set

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\Topology\Sites\Site 1\Servers]

 

 

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\Topology\Sites\Site 1\Servers\Proxy 1]

The name of this registry key is intended to be used to specify the server name. The software makes no use of the actual value. Change it to something meaningful so that it helps you understand the configuration at a later date.  There will be one of these sections (Proxy1, Prox2, Proxy...) for each proxy that you need to configure.  This illustration has 2 proxies configured, Proxy1 and Proxy2.

"ProxyID"=dword:00000001

This should correspond to the value of ThisProxy in the registry key[HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy] on the machine Proxy1.

"DeviceAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00

This the IP address that the device can use to establish a TCP connection to Proxy1 without going via the load balancer.

"BackendAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00

leave as set

"DevicePort"=hex(7):30,00,00,00

This the port number that the device can use to establish a TCP connection to Proxy1 without going via the load balancer.

 

       [HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy\Topology\Sites\Site 1\Servers\Proxy 2]

"BackendAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00

leave as set

"DeviceAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00

This the IP address that the device can use to establish a TCP connection to Proxy2 without going via the load balancer.

"DevicePort"=hex(7):30,00,00,00,00,00

This the port number that the device can use to establish a TCP connection to Proxy2 without going via the load balancer.

"ProxyID"=dword:00000002

This should correspond to the value of ThisProxy in the registry key[HKEY_LOCAL_MACHINE\SOFTWARE\Commontime\ConnectionProxy] on the machine Proxy2.

 

 

 

 

The proxies must be able to communicate directly with each other.  This may require an additional network interface for each proxy in addition to the interface that connects to the load balancer.

Please contact support@commontime.com for more information and guidance on configuring resilient mSuite systems.

 


Page url: http://msuitehelp.commontime.com/index.html?ct_adv_load_balancing_and_failover.htm