Installing and Configuring ColdFusion Server
Preparing Your Server for ClusterCATS

Before You Install ColdFusion Server

Before installing ColdFusion Server 5 and ClusterCATS, you should perform the following pre-installation tasks:

• Configuring DNS servers
• Configuring Web server IP address fail-over
• Using ClusterCATS dynamic IP addressing
• Enabling the STREAMS protocol (Windows NT only)
• Configuring firewalls
• Analyzing Web server content
• Considering domain controllers (Windows NT only)

Configuring DNS servers

ClusterCATS software requires that you register the forward lookup (host name-to-address translation) and reverse lookup (address-to-host name translation) entries with your DNS server. For evaluation purposes, you can use host files, but the ColdFusion team does not recommend this approach in a production environment.

Understanding DNS servers

When you enter a URL into a Web browser, the browser can locate the Web site that you want to visit because of the name-to-IP address translation that the Internet Domain Name System (DNS) performs. The two types of DNS servers involved in the name-to-IP mapping translation are primary DNS servers and local DNS servers. This section describes these two types of DNS servers.

Primary DNS servers

The primary DNS server provides the final mapping of your Web site name to the computer where your Web site resides. The primary DNS server can be located anywhere on the Internet, but most reside in the same physical location as the Web servers or at the ISP that provides the connection between your Web servers and the Internet.

The primary DNS server contains tables of forward and reverse name translations. For example, forward translation entries (A records) look like this:

URL	IP Address
www1.company.com	192.168.0.1
www2.company.com	192.168.0.2

Reverse translation entries (PTR records) are just the opposite and look like this:

IP Address	URL
192.168.0.1	www1.company.com
192.168.0.2	www2.company.com

It is important that you configure your Web sites to have forward and reverse DNS entries on your primary DNS server. If you are not responsible for maintaining your primary DNS server, tell your DNS administrator to add both forward and reverse entries for your explicit Web server names (www1.company.com, www2.company.com, and so on).

Local DNS servers

A local DNS server usually resides at the Web hosting facility. The local DNS server stores its own local table of name translations for the Web sites that the browser has visited. If a user enters a URL of a site in a browser that the browser has already visited, it retrieves the host name-to-IP address translation from the local DNS server's table. However, if a user enters a URL for a site that the browser on that computer has never visited, the local DNS server must access the primary DNS server on the Internet to resolve the name-to-IP mapping before the browser can send a request to the appropriate Web server.

Resolving address mappings:

1. A user enters a Web site URL in the browser.
2. The browser checks the local DNS server for the name-to-IP address mapping. The local DNS server typically resides at the facility where the Web servers are hosted.
3. If the local DNS server does not have the mapping, it goes out to the Internet and locates the primary DNS server to look up the name-to-IP address mapping.

   If round-robin DNS is being used, the primary DNS server determines which server in the cluster is next in line to receive the request.

4. The primary DNS server sends back the translation to the local DNS server, which in turn sends it to the user's browser.
5. The browser is now able to send an HTTP request to the correct Web server hosting the site.

Configuring the primary DNS server

You must configure DNS so that the forward and reverse lookup translation entries are entered and registered correctly with your primary DNS server. To accomplish this, you must define required DNS records (A records and PTR records) for your Web servers on your primary DNS server.

Besides standard name translations, your primary DNS server can also distribute HTTP requests sequentially across clustered servers using a technique called round-robin DNS. This service allows DNS to return a list of multiple servers back to the browser that requests a name translation.

Round-robin DNS and ClusterCATS work well together. You do not want to rely on just round-robin DNS for distributing load for your business-critical sites because DNS functionality is limited. In short, DNS is a good load distribution technique, but it cannot manage load because it is unable to react to increases in server traffic. It also cannot detect server failures nor redirect requests among available servers. ClusterCATS compensates for these limitations.

The ColdFusion team recommends that you use round-robin DNS or a hardware load-balancing device to distribute requests initially to the Web servers in your cluster. Following the initial distribution, the ClusterCATS load management and failover features automatically take over and ensure that your Web applications remain up and running.

Using ClusterCATS with round-robin DNS

For high volume sites, you should use round-robin DNS to distribute requests to the Web servers in your cluster initially. The load-management component of ClusterCATS enhances round-robin DNS by eliminating its two major limitations:

• Server Failure Round robin DNS cannot detect server failure. If a server in a SmartCluster fails, another server on that subnet assumes the IP address of the failed server.
• Server Overload Round-robin DNS cannot detect server overloads. ClusterCATS allows you to configure load thresholds for each server. If the actual server load exceeds the load threshold, ClusterCATS transparently redirects the user to another Web server using an HTTP redirect. Once redirected, user requests and responses flow to and from that server directly, minimizing response time throughout the user session.

You must ensure that round-robin DNS entries are configured correctly on your primary DNS server so that ClusterCATS operates effectively with round-robin DNS. For example, for a single-location cluster of servers consisting of four servers, you must configure round-robin DNS across all four servers for the domain name and individual IP addresses for each explicit server name.

The following tables show an example of forward and reverse entries in the DNS.

Host Name	IP Address
www.company.com	193.168.0.1
www.company.com	193.168.0.2
www.company.com	193.168.0.3
www.company.com	193.168.0.4
www1.company.com	193.168.0.1
www2.company.com	193.168.0.2
www3.company.com	193.168.0.3
www4.company.com	193.168.0.4

IP Address	Host Name
193.168.0.1	www1.company.com
193.168.0.2	www2.company.com
193.168.0.3	www3.company.com
193.168.0.4	www4.company.com

Round-robin DNS distributes the initial domain-level requests across all four servers. Thereafter, ClusterCATS distributes load to avoid failed or overloaded servers.

Configuring Web server IP address fail-over

ClusterCATS protects clusters from server hardware and software failures. When a server stops sending or receiving packets from the network, another member assumes its IP address (and therefore, its HTTP requests), and picks up all HTTP traffic originally addressed to the failed server. Server failover services are provided on a per subnet basis.

You can select the Webserver (IP address) fail-over option during the installation process. If you do not select it during installation, you must reinstall ClusterCATS and select that option. Preparing your site for ClusterCATS server failover can require uninstalling your Web server software. For more information on using server failover in Windows systems, see Advanced ColdFusion Administration.

Using ClusterCATS dynamic IP addressing

The ClusterCATS software can be configured to dynamically enable the IP address(es), associated with a Web site(s), while it is running. While the ClusterCATS software is stopped on the local system, the IP address will not be enabled on that system but might migrate to another server participating in the same cluster where IP address fail-over support has been installed.

This addressing scheme also involves a static maintenance address for each server that allows you and ClusterCATS to contact that server at any time, even during a Web server failure.

The setup for ClusterCATS dynamic IP addressing varies depending on your cluster's operating system:

• Windows On Windows systems, if your IP address for the local system is the same as the IP of your Web server, setting up your site for ClusterCATS dynamic IP addressing can involve reinstalling your Web server software and resetting your TCP/IP settings. You must carefully consider your system configuration before installing ClusterCATS. For more information, see Advanced ColdFusion Administration.
• UNIX You do not need to configure a UNIX system for dynamic IP addressing because it is set up by default if you select it during installation.

Enabling the STREAMS protocol (Windows NT only)

The ClusterCATS IP address fail-over subsystem requires that the Streams Environment be installed so that Address Resolution Protocol (ARP) messages can be transmitted.

To add the STREAMS Environment to Windows NT:

1. Select Start > Settings > Control Panel.
2. Open the Network icon.
3. Click the Protocols tab.

   

4. Click Add.

   The Select Network Protocol dialog box displays.

   

5. Select STREAMS Environment from the list of available network protocols and click OK.
6. Close the Network dialog box. Windows NT prompts you to restart your computer. Click No. (You restart your system at the end of this procedure.)
7. Open the Devices icon in the Control Panel.
8. Select STREAMS Environment from the list of devices and click Startup. Select System for the Startup Type and click OK.
9. Restart your system for the changes to take effect.

Configuring firewalls

Many corporate environments today rely on firewalls to securely control access to proprietary knowledge that resides on public Internet sites, intranet sites, or private extranet sites. You can configure ClusterCATS to work across one or more firewalls.

A common technique is to use Network Address Translation (NAT) as a security precaution on your firewall. This configuration segregates internal and external resources and facilitates extra control and monitoring of Web traffic.

Using ClusterCATS with NAT:

1. Before creating a cluster, you must configure the source of internal and external name resolution. To reset a server with improper name resolution, select Start > Programs > ColdFusion Server 5 > ClusterCATS Server Administrator > Advanced > Reset. Reset each server twice.
2. Make certain that the addresses you are translating, which should correspond to the outside DNS but not the round-robin entries, contain forward and reverse DNS entries corresponding to FQHN. Modify the DNS accordingly.
3. Make certain that the internal addresses, those addresses already translated by the firewall and corresponding to the internal servers, contain forward and reverse DNS entries corresponding to FQHN. Modify the DNS accordingly.
   

   Note If no internal DNS server is available, you can use the hosts files as the source of name resolution.

   
   
4. Ensure that the internal names match the external names. The difference between the external FQHN and the internal FQHN should be the IP addresses. For example, examine DNS entries for the following clusters of two servers:

   External

   	Forward	Reverse
   Server 1 FQHN	www1.company.com 205.205.205.10	205.205.205.10 www1.company.com
   Server 2 FQHN	www2.company.com 205.205.205.20	205.205.205.20 www2.company.com
   Server 1 Round-Robin	www.company.com 205.205.205.10
   Server 2 Round-Robin	www.company.com 205.205.205.20

   Internal

   	Forward	Reverse
   Server 1 FQHN	www1.company.com 192.168.0.10	192.168.0.10 www1.company.com
   Server 2 FQHN	www2.company.com 192.168.0.20	192.168.0.20 www2.company.com

   
   

   Note Do not set up any internal round-robin entries. Also, static IP addresses are recommended in lieu of dynamic IP address when clustering behind any load-balancing or translating hardware.

   
   
5. You should test name resolution using the following diagnostic tools:

   Tool	Description	Usage
   hostinfo	Verifies DNS name resolution	c:>cfusion\brighttiger\program> hostinfo IP address c:>cfusion\brighttiger\program> hostinfo hostname
   btcfgchk	Verifies the configuration	c:>cfusion\brighttiger\program> btcfgchk IP address c:>cfusion\brighttiger\program> btcfgchk hostname
   ping	Checks IP addresses and host names	c:>ping destination IP address c:>ping hostname
   nslookup	Verifies DNS entries	c:>nslookup IP address c:>nslookup hostname
   ipconfig	Verifies the status of the IP stack on all servers	c:>ipconfig/all

6. Create the cluster using the Cluster Creation Wizard. Enter the FQHN for each server in the cluster, its maintenance address, and so on.
7. Enter the external round-robin names in the Web site alias field in the ClusterCATS Explorer. Select Start > Programs > ColdFusion Server 5 > ClusterCATS Explorer. Right-click on the cluster > Configure > Administration > Load Balance > Website Alias.
8. Test fail-over by restarting either server and trying to hit either server with a Web browser. Hit the round-robin name and test its ability to serve.
   

   Note If you are using static IP addresses with ClusterCATS fail-over, the failing server encounters an IP conflict upon recovery and restarts to reclaim its IP address.

   
   

If you manage your cluster from behind another firewall, you must open both ports so that the ClusterCATS Explorer can communicate with the cluster.

The following diagram illustrates this scenario:

As you can see, this scenario involves Company ABC, which has an East Coast and a West Coast group of servers connected to the Internet and protected by several firewalls. The ClusterCATS Explorer resides at the corporate headquarters behind a firewall with a direct connection to the Internet.

You must open and configure the appropriate communication ports on your firewalls to allow server to server communication in a distributed setting and server to client communication.

These ports include the following:

• Port 9123 (for TCP and UDP access)

  Opening port 9123 on your firewall allows multiple, distributed cluster of servers residing in different locations to communicate with one another across firewalls.

• Port 9129 (for TCP and UDP access)

  Opening port 9129 on a firewall allows the ClusterCATS Explorer to communicate with multiple, distributed clusters of servers across firewalls.

Analyzing Web server content

All Web servers, virtual server, or Web sites in the same cluster must have identical content.

The default document specified for each Web server in the cluster should be the same on all cluster members; for example, set the default document to default.jsp.

Considering domain controllers (Windows NT only)

If you are using Windows NT Domain server authentication, then each Web server in a cluster must participate as a member NT server in a domain. Do not make any server in your cluster the primary domain controller (PDC).

Copyright © 2001, Macromedia Inc. All rights reserved.

---