Before installing ColdFusion Server 5 and ClusterCATS, you should perform the following pre-installation tasks:
ClusterCATS software requires that you register the forward lookup (host name-to-address translation) and reverse lookup (address-to-host name translation) entries with your DNS server. For evaluation purposes, you can use host files, but the ColdFusion team does not recommend this approach in a production environment.
Note ClusterCATS does not support Dynamic Host Configuration Protocol (DHCP). You must assign a unique IP address to each Web server. |
When you enter a URL into a Web browser, the browser can locate the Web site that you want to visit because of the name-to-IP address translation that the Internet Domain Name System (DNS) performs. The two types of DNS servers involved in the name-to-IP mapping translation are primary DNS servers and local DNS servers. This section describes these two types of DNS servers.
The primary DNS server provides the final mapping of your Web site name to the computer where your Web site resides. The primary DNS server can be located anywhere on the Internet, but most reside in the same physical location as the Web servers or at the ISP that provides the connection between your Web servers and the Internet.
The primary DNS server contains tables of forward and reverse name translations. For example, forward translation entries (A records) look like this:
URL |
IP Address |
www1.company.com |
192.168.0.1 |
www2.company.com |
192.168.0.2 |
Reverse translation entries (PTR records) are just the opposite and look like this:
IP Address |
URL |
192.168.0.1 |
www1.company.com |
192.168.0.2 |
www2.company.com |
It is important that you configure your Web sites to have forward and reverse DNS entries on your primary DNS server. If you are not responsible for maintaining your primary DNS server, tell your DNS administrator to add both forward and reverse entries for your explicit Web server names (www1.company.com, www2.company.com, and so on).
Note If both forward and reverse translations are not configured for each explicit Web server, ClusterCATS will not operate correctly. |
A local DNS server usually resides at the Web hosting facility. The local DNS server stores its own local table of name translations for the Web sites that the browser has visited. If a user enters a URL of a site in a browser that the browser has already visited, it retrieves the host name-to-IP address translation from the local DNS server's table. However, if a user enters a URL for a site that the browser on that computer has never visited, the local DNS server must access the primary DNS server on the Internet to resolve the name-to-IP mapping before the browser can send a request to the appropriate Web server.
If round-robin DNS is being used, the primary DNS server determines which server in the cluster is next in line to receive the request.
You must configure DNS so that the forward and reverse lookup translation entries are entered and registered correctly with your primary DNS server. To accomplish this, you must define required DNS records (A records and PTR records) for your Web servers on your primary DNS server.
Besides standard name translations, your primary DNS server can also distribute HTTP requests sequentially across clustered servers using a technique called round-robin DNS. This service allows DNS to return a list of multiple servers back to the browser that requests a name translation.
Round-robin DNS and ClusterCATS work well together. You do not want to rely on just round-robin DNS for distributing load for your business-critical sites because DNS functionality is limited. In short, DNS is a good load distribution technique, but it cannot manage load because it is unable to react to increases in server traffic. It also cannot detect server failures nor redirect requests among available servers. ClusterCATS compensates for these limitations.
The ColdFusion team recommends that you use round-robin DNS or a hardware load-balancing device to distribute requests initially to the Web servers in your cluster. Following the initial distribution, the ClusterCATS load management and failover features automatically take over and ensure that your Web applications remain up and running.
For high volume sites, you should use round-robin DNS to distribute requests to the Web servers in your cluster initially. The load-management component of ClusterCATS enhances round-robin DNS by eliminating its two major limitations:
You must ensure that round-robin DNS entries are configured correctly on your primary DNS server so that ClusterCATS operates effectively with round-robin DNS. For example, for a single-location cluster of servers consisting of four servers, you must configure round-robin DNS across all four servers for the domain name and individual IP addresses for each explicit server name.
The following tables show an example of forward and reverse entries in the DNS.
IP Address |
Host Name |
---|---|
193.168.0.1 |
www1.company.com |
193.168.0.2 |
www2.company.com |
193.168.0.3 |
www3.company.com |
193.168.0.4 |
www4.company.com |
Round-robin DNS distributes the initial domain-level requests across all four servers. Thereafter, ClusterCATS distributes load to avoid failed or overloaded servers.
Note When using round-robin DNS, do not define a reverse mapping (PTR record) for the site name (www.company.com); the cluster does not operate properly if you do. Only define forward mappings (A records) for www.company.com. However, define both A records and PTR records for all of the explicit servers (www1, www2,...) in the cluster. This configuration ensures that requests cycle through the servers sequentially in round-robin fashion. |
ClusterCATS protects clusters from server hardware and software failures. When a server stops sending or receiving packets from the network, another member assumes its IP address (and therefore, its HTTP requests), and picks up all HTTP traffic originally addressed to the failed server. Server failover services are provided on a per subnet basis.
You can select the Webserver (IP address) fail-over option during the installation process. If you do not select it during installation, you must reinstall ClusterCATS and select that option. Preparing your site for ClusterCATS server failover can require uninstalling your Web server software. For more information on using server failover in Windows systems, see Advanced ColdFusion Administration.
The ClusterCATS software can be configured to dynamically enable the IP address(es), associated with a Web site(s), while it is running. While the ClusterCATS software is stopped on the local system, the IP address will not be enabled on that system but might migrate to another server participating in the same cluster where IP address fail-over support has been installed.
This addressing scheme also involves a static maintenance address for each server that allows you and ClusterCATS to contact that server at any time, even during a Web server failure.
The setup for ClusterCATS dynamic IP addressing varies depending on your cluster's operating system:
The ClusterCATS IP address fail-over subsystem requires that the Streams Environment be installed so that Address Resolution Protocol (ARP) messages can be transmitted.
Note You must add the STREAMS Environment to the network protocols in Windows NT 4.0 systems before installing ClusterCATS for ColdFusion. The ClusterCATS installation procedure automatically configures STREAMS for Windows 2000 systems. |
The Select Network Protocol dialog box displays.
Many corporate environments today rely on firewalls to securely control access to proprietary knowledge that resides on public Internet sites, intranet sites, or private extranet sites. You can configure ClusterCATS to work across one or more firewalls.
A common technique is to use Network Address Translation (NAT) as a security precaution on your firewall. This configuration segregates internal and external resources and facilitates extra control and monitoring of Web traffic.
Note If no internal DNS server is available, you can use the hosts files as the source of name resolution. |
External
Internal
|
Forward |
Reverse |
---|---|---|
Server 1 FQHN |
www1.company.com 192.168.0.10 |
192.168.0.10 www1.company.com |
Server 2 FQHN |
www2.company.com 192.168.0.20 |
192.168.0.20 www2.company.com |
Note Do not set up any internal round-robin entries. Also, static IP addresses are recommended in lieu of dynamic IP address when clustering behind any load-balancing or translating hardware. |
Note If you are using static IP addresses with ClusterCATS fail-over, the failing server encounters an IP conflict upon recovery and restarts to reclaim its IP address. |
If you manage your cluster from behind another firewall, you must open both ports so that the ClusterCATS Explorer can communicate with the cluster.
The following diagram illustrates this scenario:
As you can see, this scenario involves Company ABC, which has an East Coast and a West Coast group of servers connected to the Internet and protected by several firewalls. The ClusterCATS Explorer resides at the corporate headquarters behind a firewall with a direct connection to the Internet.
You must open and configure the appropriate communication ports on your firewalls to allow server to server communication in a distributed setting and server to client communication.
Note You must open both ports on all affected firewalls. |
These ports include the following:
Opening port 9123 on your firewall allows multiple, distributed cluster of servers residing in different locations to communicate with one another across firewalls.
Opening port 9129 on a firewall allows the ClusterCATS Explorer to communicate with multiple, distributed clusters of servers across firewalls.
All Web servers, virtual server, or Web sites in the same cluster must have identical content.
The default document specified for each Web server in the cluster should be the same on all cluster members; for example, set the default document to default.jsp.
If you are using Windows NT Domain server authentication, then each Web server in a cluster must participate as a member NT server in a domain. Do not make any server in your cluster the primary domain controller (PDC).