and make that group a member of the appropriate local groups on the nodes.Also, assign NTFS permissions in a similar manner. Cluster Data Security As with any server, data should be accessed in a controlled manner.You do not want users accessing, deleting, or corrupting data. Assign appropriate NTFS file system permissions on a server cluster, just as you would assign them on a stand-alone server. Disk Resource Security Use NTFS permissions to ensure that only members of the Administrators group and the cluster service account can access the quorum disk. If you use scripts and the generic script resource type, you should assign appropriate NTFS Execute permissions to the scripts. A buggy script, or one run in an unplanned or uncontrolled manner, may cause data loss or a service outage. Cluster Configuration Log File Security When a cluster is created or a node is added to a cluster using the Wizard, a file containing critical information about the cluster is placed the %systemroot%\System32\LogFiles\Cluster\ directory, unless you do not have administrative permissions on the node; in that case, the file is placed in the %temp% directory.The log file, ClCfgSrv.log, should have NTFS permissions that allow access to only the Administrators group and the cluster service account. Creating a New Cluster Use the following steps to create a server cluster. Only the creation of the first node is covered. Each server cluster and network configuration is unique.You will need to substitute your TCP/IP addresses and account names, and adjust this process to fit your hardware. 1. Properly assemble your hardware. Ensure that only this first node is connected to and can access the shared storage unit(s). 2. Assign friendly names to your network interfaces and configure them with static IP addresses. 3. Log on to your domain with an account capable of creating user accounts. Open Active Directory Users and Computers. In the Users container, create an account called ClusterAdmin matching the settings shown in Figures 6.26 and 6.27. Close Active Directory Users and Computers. 216 Chapter 6 • Implementing Windows Cluster Services and Network Load Balancing 301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 216 4. Log on to your first cluster node and start Cluster Administrator by selecting Start | Administrative Tools | Cluster Administrator. 5. When the Open Connection to Cluster dialog box is presented (Figure 6.28), select Create new cluster from the Action drop-down box and click OK. Implementing Windows Cluster Services and Network Load Balancing • Chapter 6 217 Figure 6.26 Create a New Cluster Service User Account Figure 6.27 Assign a Password and Properties to New Cluster Service User Account 301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 217 6. The New Server Cluster Wizard will start, as shown in Figure 6.29. Click Next. 7. Select your domain in the Domain drop-down list and enter cluster1 in the Cluster name text box, as shown in Figure 6.30. Click Next. 218 Chapter 6 • Implementing Windows Cluster Services and Network Load Balancing Figure 6.28 Open Connection to Cluster Figure 6.29 The New Server Cluster Wizard’s Welcome Window 301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 218 8. Enter the name of the computer that will become your first node in the Computer name text box, as shown in Figure 6.31, and click Next. 9. The Analyzing Configuration window will appear, as shown in Figure 6.32, while the configuration of the node is verified.You can click the View Log… button to see the his- tory of actions the Wizard has performed, or click the Details… button to see the most recent task. Implementing Windows Cluster Services and Network Load Balancing • Chapter 6 219 Figure 6.30 Specify the Cluster Name and Domain Figure 6.31 Select the Computer Name Figure 6.32 Analyzing the Configuration of the Cluster Node 301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 219 10. When the analysis is completed, the Analyzing Configuration window will show the tasks completed, as shown in Figure 6.33. Click the plus signs (+) to see the details behind each step. When you’re finished examining the details, click Next. 11. You are asked what IP address you want assigned to the server cluster, as shown in Figure 6.34. Enter the appropriate IP Address and click Next. 12. In the Cluster Service Account window, shown in Figure 6.35, enter the User name, Password, and Domain for the cluster service account you created in step 3.Then click Next. 220 Chapter 6 • Implementing Windows Cluster Services and Network Load Balancing Figure 6.33 Finished Analyzing the Configuration of the Cluster Node Figure 6.34 Enter the Cluster IP Address 301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 220 13. The Wizard will display the proposed server cluster configuration, as shown in Figure 6.36. Review the information. 14. Click the Quorum… button. Select the correct quorum disk for your configuration from the drop-down list, as shown in Figure 6.37, and select OK. Implementing Windows Cluster Services and Network Load Balancing • Chapter 6 221 Figure 6.35 Enter the Cluster Service Account Information Figure 6.36 Review the Proposed Cluster Configuration 301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 221 15. The Wizard will now create the server cluster, as shown in Figure 6.38. As the configura- tion progresses, you can click View Log… or Details… to see what the Wizard is doing. 16. When the Wizard finishes creating the server cluster, the Creating the Cluster window will show the tasks completed, as shown in Figure 6.39. Click the plus signs (+) to see details about each step performed. Click Next. 222 Chapter 6 • Implementing Windows Cluster Services and Network Load Balancing Figure 6.37 Select the Quorum Disk Figure 6.38 Creating the Cluster 301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 222 17. The Wizard informs you that the server cluster is created, as shown in Figure 6.40.You can click View Log… to examine all of the activity involved in the creation. Click Finish to exit the Wizard. 18. The Cluster Administrator utility appears. As shown in Figure 6.41, it displays the server cluster you just created. Implementing Windows Cluster Services and Network Load Balancing • Chapter 6 223 Figure 6.39 Completed Cluster Creation Figure 6.40 The Wizard’s Final Window 301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 223 19. Right-click the server cluster name (CLUSTER1) and select Properties. Click the Network Priority tab and move Interconnect to the top of the list, as shown in Figure 6.42. Click Apply. 20. Examine the Quorum and Security tabs to become familiar with the default settings on these tabs. When you have finished reviewing the configuration of these tabs, click OK. Then close Cluster Administrator. Making Network Load Balancing Part of Your High-Availability Plan The other high-availability tool included in Windows Server 2003 is Network Load Balancing (NLB). A primary use for NLB is increasing the scalability and availability of Internet applications (Web, FTP, VPN, firewall, proxy servers, and so on) by having multiple machines simultaneously 224 Chapter 6 • Implementing Windows Cluster Services and Network Load Balancing Figure 6.41 The Newly Created Cluster Figure 6.42 Change Network Priorities 301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 224 answering and serving client requests. NLB is included in all versions of Windows Server 2003 and is installed automatically, although it must be configured and activated before it is usable. Microsoft also considers NLB a clustering technology.The two clustering technologies are very different and serve different purposes. A server cluster requires specialized hardware, and there is typ- ically one installed copy of each application, which moves between server cluster nodes. Only the node actively hosting the application responds to client requests.An NLB cluster does not require any specialized or additional hardware. Every host runs a separate and independent copy of the applica- tion and actively responds to client requests. Server clusters are used mainly for database-type appli- cations. NLB clusters are used for traffic or communication type applications. NLB has been available since Windows NT 4, when it was an add-in component called Windows Load Balancing Service (WLBS).You will still see NLB called this in some utilities and documentation. Unless specifically referred to in a historical context, the terms WLBS and NLB should be considered interchangeable. Terminology and Concepts NLB introduces some new terms for dealing with this form of clustering. Some terms are similar to those used with server clusters, but they have different meanings. Hosts/Default Host When referring to NLB, a host is a server running any edition of Windows Server 2003 that has been configured to respond to client requests via the NLB driver. Since NLB is automatically installed, any Windows Server 2003 server has the potential to be an NLB host. The default host in an NLB cluster is the host with the highest currently active priority.The pri- ority is a unique identifying number assigned to each host in an NLB cluster. An NLB cluster can have up to 32 hosts, so the priorities range from 1 to 32. Hosts cannot be configured to have the same priority. Load Weight As previously mentioned, an NLB cluster can consist of up to 32 hosts.The hosts do not need to be identical in hardware or configuration.The load weight is a mechanism for distributing the traffic load within an NLB cluster to the hosts that are most suited to handle the load. Lighter loads can be configured for hosts with less capacity and heavier loads for more robust hosts. The load weight is applicable only if specifically configured; otherwise, all hosts are configured with equal load weights. When used, each host is assigned a load weight from 0 (lowest weight) to 100 (highest weight).The weights from all active hosts in the cluster are averaged, and traffic is dis- tributed accordingly. In this way, the load weight is a relative value within the NLB cluster. Traffic Distribution The way requests from clients are spread out among the hosts in an NLB cluster is referred to as traffic distribution. Each host in an NLB cluster is configured with at least two IP addresses. One address is reserved for the nonclustered traffic directed to the host, and the second IP address is shared among all nodes in the cluster and is called the cluster IP address. It is to this second IP address that clients direct their requests. Implementing Windows Cluster Services and Network Load Balancing • Chapter 6 225 301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 225 . requests via the NLB driver. Since NLB is automatically installed, any Windows Server 2003 server has the potential to be an NLB host. The default host in an NLB cluster is the host with the highest. see what the Wizard is doing. 16. When the Wizard finishes creating the server cluster, the Creating the Cluster window will show the tasks completed, as shown in Figure 6.39. Click the plus signs. 6.32, while the configuration of the node is verified.You can click the View Log… button to see the his- tory of actions the Wizard has performed, or click the Details… button to see the most recent