Document: Module 4: Designing a Highly Available Logical Network (pptx)


Module 4: Designing a Highly Available Logical Network

Contents

• Overview
• Lesson: Selecting TCP/IP Addresses and Routing for the Public Logical Network
• Lesson: Selecting TCP/IP Addresses and Routing for the Private Logical Network
• Lesson: Positioning the Network Services and Servers
• Lab A: Designing a Highly Available Logical Network

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2001 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, BackOffice, FrontPage, Outlook, PowerPoint, Visio, Visual Studio, Win32, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Instructor Notes

Presentation: 105 minutes
Practices: 30 minutes
Lab: 60 minutes

This module provides the students with the knowledge and skills that they will need to design a highly available logical network for their Web infrastructure. They will be taught a general set of rules for interconnection strategies and routing protocols.

After completing this module, students will be able to:

• Select Transmission Control Protocol/Internet Protocol (TCP/IP) addresses and routing for the public logical network.
• Select TCP/IP addresses and routing for the private logical network.
• Position servers and services in a highly available Web infrastructure.

Required materials

To teach this module, you need the following materials:

• Microsoft® PowerPoint® file 2088A_04.ppt
• Delivery Guide
• Trainer Materials compact disc

Preparation tasks

To prepare for this module:

• Read all of the materials for this module.
• Complete the practices and lab.

How to Teach This Module

Ensure that the student understands that each lesson in this module is a critical task in the design process and that at the end of the module they will complete a lab that helps to tie all of the lessons (tasks) together. Knowing that each lesson is a step in the overall process will help the student to stay focused during instruction.

The instructional strategy for this course is to introduce the students to the concepts of a highly available TCP/IP based logical network. You may find that the students have a general understanding of TCP/IP addressing and routing protocols. They will learn the rules and protocols for highly available TCP/IP addressing and routing.

The instructional strategy for this module divides the logical network into the public and private logical networks. The public network maps to the User Services tier and the private network maps to the Business Logic and Data Services tiers.

Lesson: Selecting TCP/IP Addresses and Routing for the Public Logical Network

The overview page for this lesson introduces the concepts of a highly available TCP/IP based public logical network that consists of highly reliable components. The topic pages for this lesson and the appropriate instructional strategies are listed as follows, and you need to be familiar with all of them.

ISP and User Services tier architecture

The students are introduced to the concept of providing fault tolerance for their Web solution by having multiple connections to multiple Internet service providers (ISPs). You need to emphasize the importance of including the User Services tier and the ISP connections to determine the required number of public addresses and the need for static or dynamic routing. You need to be familiar with:

• Providing fault tolerance
• User Services tier

Public IP addresses and routing protocols

The students will understand the general concepts of IP addressing and routing, but you will need to emphasize the importance of minimizing the number of IP addresses and connections. You also need to ensure that they understand the need to provide isolation and routing to and from their ISP. You need to be familiar with the following topics:

• Multiple subnets
• Network address translation (NAT)
• Routers and firewalls
• Selecting appropriate protocols

Number of IP addresses for the individual servers

The purpose of this page is to introduce the students to how they can determine the number of IP addresses for the individual servers. If they use network address translation, they can reduce the number of public addresses. The students can use server publishing, a feature of Microsoft Internet Security and Acceleration (ISA) Server, to improve security. You need to be familiar with:

• Network address translation
• Server publishing

Number of IP addresses for server clusters

To provide high availability and fault tolerance, the students will learn to configure many of the hosts in the User Services tier into clusters. This page provides a high-level overview of Network Load Balancing and server cluster IP address requirements. You need to be familiar with the following concepts:

• Network Load Balancing
• Server cluster

Guidelines

The guidelines page provides the students with the subordinate tasks that they must address before they can create a logical network design for a highly available Web infrastructure. You need to review the action steps with the students and ensure that they understand how these steps relate to the task. Emphasize to the students the importance of addressing all of these requirements.

Practice: Select TCP/IP Addresses and Routing for the Public Logical Network

You will divide the class into design teams. Give the students five minutes to read through the scenario and the design considerations carefully before they answer the questions. Tell the class that each team should be prepared to justify their answers.

Lesson: Selecting TCP/IP Addresses and Routing for the Private Logical Network

The overview page for this lesson introduces the concepts of a highly available TCP/IP based private logical network that consists of highly reliable components. Emphasize to the students the importance of isolating the Business Logic and Data Services tiers from the Internet. The topic pages for this lesson and the appropriate instructional strategies are listed as follows, and you need to be familiar with all of them.

Subnet isolation

The students will learn how to determine the appropriate level of isolation and the number of hosts for the subnets in their Web infrastructure design. If they have multiple subnets, they need to provide routing protocols that ensure communications between the
subnets. You will need to be familiar with all of the following topics:

• Improving security
• Network address translation
• Dynamic routing protocol
• Default gateway
• Multiple default gateways
• Load balancing by using default gateways

IP addresses and routing protocols

The focus of this page is IP addressing and routing between the Internet and the Business Logic and Data Services tiers. Some of the same topics that were discussed in the first lesson for the User Services tier are covered here, but only as they apply to the back end of the Web infrastructure. You will need to be familiar with:

• Routing traffic between tiers
• Selecting appropriate routing protocols
• Multiple subnets
• Network address translation

Number of IP addresses for the individual servers

The requirements for the individual servers on the back end will be different from the requirements for the front end. The students will be given recommendations for how they can provide improved security against external attacks. You will need to be familiar with NAT as it applies to isolation between the User Services, Business Logic, and Data Services tiers, in addition to the following topics:

• Network address translation
• Documenting the IP address structure

Number of IP addresses for server clusters

As with the public network or User Services tier, this page recommends that the student configure many of the hosts in the Business Logic and Data Services tiers into clusters. As in the previous lesson, you will need to be familiar with the following:

• Network Load Balancing
• Server cluster

Guidelines

The guidelines page provides the students with the subordinate tasks that they must address before they can create a logical network design for a highly available Web infrastructure. You need to review the action steps with the students and ensure that they understand how these steps relate to the task. Emphasize to the students the importance of addressing all of these requirements.

Practice: Select TCP/IP Addresses and Routing for the Private Logical Network

You will divide the class into design teams. Give the students five minutes to read through the scenario and the design considerations carefully before they answer the questions. Tell the class that each team should be prepared to justify their answers.

Lesson: Positioning the Network Services and Servers

The purpose of this lesson is to give the students the knowledge and skills that they require to position the servers and services in a highly available Web infrastructure. The topic pages for this lesson and the appropriate instructional strategies are listed as follows.

Network servers and services in n-tier architecture

There are several tables on this page that the students can use as a reference for the features of a highly available Web solution, and the positioning of Microsoft services and products. By using the tables, you will review the reasons why and how these features, services, and products support a highly available Web infrastructure. You need to be familiar with:

• Network services
• Positioning Microsoft products

Network servers and services in the User Services tier

The students will need to know how to position servers and services in the User Services tier. Use the graphic in the slide to emphasize the positioning strategies for applications and services listed in the table. You need to be familiar with:

• Network adapter cards
• Applications and services
• Positioning strategies

Network servers and services in the Business Logic tier

The students now need to know how to position servers and services in the Business Logic tier. Use the graphic in the slide to emphasize the positioning strategies for applications and services listed in the table. You need to be familiar with:

• Network adapter cards
• Applications and services
• Positioning strategies

Network servers and services in the Data Services tier

Finally, the students need to know how to position servers and services in the Data Services tier. Use the graphic in the slide to emphasize the positioning strategies for applications and services in the table. You need to be familiar with:

• Network adapter cards
• Applications and services
• Positioning strategies

Guidelines

The guidelines page provides the students with the subordinate tasks that they must address before they can create a logical network design that supports a highly available Web infrastructure. You need to review the action steps with the students and ensure that they understand how these steps relate to the task. Emphasize to the students the importance of addressing all of these requirements.

Lab A: Designing a Highly Available Logical Network

In this lab, the student will design a logical TCP/IP network to meet the needs of the Government Portal scenario. Their design will include Internet connectivity, IP addressing, routing for routers and firewalls, IP addressing and routing for servers and clusters, and positioning of network services in the Web infrastructure. The students will then make appropriate high availability recommendations for the design where required.

As with the practices, you will divide the class into design teams. Give the students 30 minutes to carefully read through the scenario and the design considerations before they answer the questions. If white board space is available, each team should be required
to put their design on the board. If Microsoft Visio® is available and the students are comfortable using it, you could have them send their design to you for display on the screen. Each team should be prepared to justify their answers.

Depending on team experience, the Web designs can be relatively simple or quite complex. You may also discover that some features of their Web design may be incomplete or wrong because they do not have the prerequisite knowledge. You should only focus on the part of the design that addresses the lesson component being taught. You can allow the other teams to critique each design, but it is important that you explain to the students that there are no wrong or right answers. What they need to take from this exercise is the opportunity to practice their design ideas and obtain peer review in a lab environment. Depending on business requirements, their actual design may vary.

Overview

Designing a Highly Available Logical Network:

• Selecting TCP/IP Addresses and Routing for the Public Logical Network
• Selecting TCP/IP Addresses and Routing for the Private Logical Network
• Positioning the Network Services and Servers

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Introduction

In this module, you will consider only highly available Transmission Control Protocol/Internet Protocol (TCP/IP) based logical networks. You will design your address space by using a group of allocated IP addresses or translate your public IP addresses to the private address space in use.

It is recommended that your design solution include high quality components. If your components are of moderate quality, it is possible to achieve high infrastructure reliability by using multiple moderate quality components to provide redundancy. You can load balance clients across these multiple components, or switch the clients to surviving components when failures occur.

Successful Web-based electronic commerce or IP-based intranets require a highly available network infrastructure. The principal elements in creating a reliable and highly available network infrastructure are IP addressing, routing configurations, and services. When there were fewer choices for technologies, network designers used a general set of rules that functioned well for interconnection strategies and routing protocols. With the increasing range of viable technologies, you must adapt your network design to a wider variety of available options for building networks and the different types of services that your network may offer to users.

Objectives

After completing this module, you will be able to design a highly available logical network.

Lesson: Selecting TCP/IP Addresses and Routing for the Public Logical Network

• ISP and User Services Tier Architecture
• Public IP Addresses and Routing Protocols
• Number of IP Addresses for Individual Servers
• Number of IP Addresses for Server Clusters
• Guidelines for Selecting Addresses and Routing for the Public Logical Network

Introduction

To achieve high availability, the logical network must consist of highly reliable components, which will not fail or must be fault tolerant. You can achieve this redundancy and fault tolerance by including multiple:

• International Organization for Standardization (ISO) layer hubs/repeaters
• ISO layer switches
• ISO layer routers

You can achieve high availability by using redundant physical and logical network paths, Internet connections, and services to eliminate single points of failure in your design. Multiple connections to several Internet service providers (ISPs) can provide alternative routes to the Internet when one Internet link or router is down.

Acquiring a large number of public addresses is expensive and in most cases unnecessary. You can typically avoid this cost by using network address translation. However, if your logical network design requires that a large number of IP addresses be directly accessible from the Internet, you must obtain an appropriate contiguous range of public IP addresses.

Network services

To ensure that your Web infrastructure is highly available, you must determine which services are appropriate and where the services are positioned in the User Services, Business Logic, and Data Services tiers. The following network services support your Web infrastructure.

Service | Supports a highly available logical network by…
DNS | Providing redundant and scalable host name resolution for the Web infrastructure to internal and external clients
WINS | Providing redundant and scalable network basic input/output system (NetBIOS) name resolution for internal clients
Directory Service (for example, Active Directory™ directory service) | Providing a scalable and secure service for security and authentication to internal or external clients
DHCP | Providing dynamically issued addresses and configuration to management and build interfaces

Positioning Microsoft products

To ensure that your network servers are highly available, you must determine which Microsoft products are appropriate for your Web solution and how you will configure and position them in your solution to provide the best availability. The following Microsoft products will support a highly available Web infrastructure.

Microsoft Product | Supports a highly available logical network by…
Windows 2000 | Providing a reliable scalable operating system to support a variety of applications
Internet Information Services | Providing Internet related applications, such as FTP, Hypertext Transfer Protocol (HTTP), and Hypertext Transfer Protocol Secure (HTTPS)
SQL Server | Providing a secure, scalable, and reliable database to the Internet application
Internet Security and Acceleration Server | Providing a scalable and reliable firewall to the Web infrastructure
Microsoft Application Center 2000 | Providing deployment and clustering techniques to the Web infrastructure

Network Servers and Services in the User Services Tier

[Figure: User Services tier, showing the Internet, ISP routers, ISA Servers, IIS servers, Routing and Remote Access servers, and Active Directory/DNS servers, with a connection to the Business Logic and Data Services tiers]

Introduction

To position the network servers and services in the User Services tier of a highly available Web infrastructure, you must decide which network servers and services will need to interact directly with Internet-based clients. You must ensure that all of the network servers and services that need direct client interaction from the Internet are in the perimeter network
for the User Services tier. All of the other servers and services will be positioned in the Business Logic or Data Services tiers. You will provide a more secure, reliable, and scalable Web infrastructure by ensuring that your applications in the User Services tier use the executants and emissaries methodology to gather data from the servers in the Business Logic and Data Services tiers.

Network adapter cards

The servers in the logical network defined for the User Services tier that process inbound client requests will have all of the network cards in the same subnet. Having network cards in the same subnet permits inbound/outbound and interserver traffic to be isolated to this subnet. Servers in the User Services tier that need to interact with other servers in the Business Logic tier will have a network card on both the User Services and the Business Logic networks.

Applications and services

The Microsoft applications and services that you position in your User Services tier will have maximum exposure to the Internet. Minimize security risks by placing in the User Services tier only those applications and services that cannot go into a more secure network tier. These servers will:

• Fulfill user requests alone or with help from other servers in the User Services tier but without help from other servers in other tiers.
• Gather information from the user.
• Send the user information by means of an emissary to the business services for processing by an executant.
• Receive the results of the business services processing and present those results to the user.

Positioning strategies

You must position services that provide direct user connectivity in the perimeter network for the User Services tier. The following table lists the services with the positioning strategies that ensure a highly available logical network.

Service | Positioning strategies
Firewall and proxy servers | Position ISA Server for firewall and proxy services between the Internet and the User Services tier.
Directory service domain controllers | Position Windows 2000 based domain controllers providing Active Directory for management, security, and authentication of the servers in the User Services network.
Name resolution servers | Position Windows 2000 running DNS on the servers in the User Services network to allow for name resolution for clients accessing resources in your Internet zone.
Web services | Position IIS servers for HTTP and FTP service on the User Services tier. Position Application Center 2000 for Network Load Balancing, which can manage your IIS server clusters for HTTP traffic and read-only FTP server clusters.
Virtual private network (VPN) services | Position ISA Server and the Routing and Remote Access services for VPN authentication and routing in your User Services tier to provide any VPN connections to your corporate infrastructure or business partners.

Network Servers and Services in the Business Logic Tier

[Figure: Business Logic tier, showing Active Directory/DNS/WINS servers, COM+ routing, COM+ application servers, an ISA Server and an optional ISA Server, with connections from the User Services tier and to the Data Services tier]

Introduction

To position the servers providing network services in
your Web infrastructure design, you must decide which network services are used in the Business Logic tier The applications and services placed in the Business Logic tier provide support for requests from servers in the User Services tier Network adapter cards The servers that process requests from the User Services tier on their own or by requesting data from other servers in the Business Logic tier will have all of their network cards on the subnet for the Business Logic network tier Servers in the Business Logic tier that need to interact with the Data Services tier will have a network card(s) on both the Business Logic network and the Data Services network if these tiers are separated The applications and services that are placed in the Business Logic tier are responsible for: ! Receiving input from servers in the User Services tier ! Interacting with the data services servers to perform the business operations that the business logic application was designed to automate (for example, order processing, and so on) ! 
Sending the processed results back to the servers in the User Services tier 36 Module 4: Designing a Highly Available Logical Network Applications and services Microsoft applications and services will allow you to provide management tools and security for your Business Logic tier The following table lists the appropriate applications and services that support a highly available Web solution Microsoft applications and services Security benefits Firewall and proxy Position ISA Server for firewall and proxy services between the User Services network and the Business Logic network Name resolution servers Use DNS server to service intranet name resolution The DNS server in the Business Logic network will be able to resolve all of the server names in each tier to provide host name resolution for every server in the Web architecture Use WINS server for cluster NetBIOS name resolution The WINS server in the Business Logic network will be able to resolve all of the server names in each tier to provide host name resolution for every server in the Web architecture Providing host name resolution is especially important for server management tools that use NetBIOS names and for server cluster management Directory service domain controllers Use Active Directory running on domain controllers for management, security, and authentication The domain controllers will be in the Business Logic network to provide security and management for the entire Web infrastructure Placing the domain controllers in the Business Logic network will give servers in each tier access to the domain controller for authentication Business Logic servers Use Application Center 2000 for the routing server running component load balancing and the servers running component load balancing Any business logic COM+ components and applications are made highly available by the use of Application Center 2000 through Network Load Balancing and COM+ routing Module 4: Designing a Highly Available Logical Network 37 
Network Servers and Services in the Data Services Tier Active Directory Active Directory Servers Servers From Business Logic Tier ISA ISA Server Server SQL Servers SQL Servers Data Services Tier Data Services Tier *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction To position the servers providing network services in a Web infrastructure, you must know which applications and network services are used on the Data Services tier of the Web infrastructure The applications and services placed in the Data Services tier are primarily for secure data and a staging area for revisions to the servers in the User Services and Business Logic tiers Network adapter cards All of the servers in the Data Services network will have all of their network cards on the Data Services network to handle any requests from the servers in the Business Logic network or from other servers in the Data Services tier 38 Module 4: Designing a Highly Available Logical Network Applications and services The following types of applications and services are running in the Data Services tier Server Types Positioning strategies Firewall and proxy Position ISA Server for firewall and proxy services between the Business Logic network and the Data Services network Database servers Position SQL Server 2000 in the most securely guarded network to protect the data, which can be the most important information on the entire Web infrastructure These servers will never need direct access from the Internet user; therefore they can be in the most secure part of the network Directory service domain controllers Position Active Directory in the Data Services tier so that servers running Microsoft Exchange and SQL Server that need to authenticate users and services not need to travel across the router to the business logic subnet Management, Content Replication, and test servers Backup servers running Windows 2000 Management servers running Microsoft Management and 
Operations (MOM) Server Staging servers running Application Center 2000 will be on the Data Services tier or a separate network to provide content testing and replication to the other servers in the Web infrastructure By placing the staging server in the Data Services tier, you can guarantee the maximum isolation between the servers and Internet clients Module 4: Designing a Highly Available Logical Network 39 Guidelines for Positioning the Network Servers and Services in the Web Infrastructure ! Determine which network servers and services must be included in your Web infrastructure ! Determine the position (subnet) for your network servers and services on the User Services tier ! Determine the position (subnet) for your network servers and services on the Business Logic tier ! Determine the position (subnet) for your network servers and services on the Data Services tier *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction After you have documented the network, security, and firewall architecture data for your highly available Web infrastructure, you will determine and select the position of your network servers and services You will position the network servers and services in the User Services, Business Logic, and Data Services tiers Design guidelines You will need to apply the following guidelines as you position the servers providing network services in a Web infrastructure: ! Determine which network application servers and services are included in your Web infrastructure ! Determine the position (subnet) for your network application servers and services on the User Services tier • You must select applications and services that need direct Internet client interaction that can handle either the users’ request or can wait for a response from a request to another server for processing before delivering the data to the user ! 
Determine the position (subnet) for network servers and services on the Business Logic tier In this tier, the: • Application servers and services will have business logic information that needs more security than servers in the User Services tier • Servers will not need direct Internet client interaction; they receive all of their requests from servers in the User Services tier • Servers will then respond back to the original server with data or pass the transaction to another server for processing 40 Module 4: Designing a Highly Available Logical Network ! Determine the position (subnet) for network servers and services on the Data Services tier In this tier, the: • Application server and services in the Data Services network will contain information that needs to be mostly guarded from intrusion and does not need direct client interaction Module 4: Designing a Highly Available Logical Network 41 Lab A: Designing a Highly Available Logical Network ! Lab overview ! Availability requirements ! Routing protocols ! Isolation requirements ! Positioning servers and services ! Clustering considerations ! Design baseline ! 
• Lab questions

Lab overview

In this lab, you will design a logical TCP/IP network to meet the needs of the Government Portal scenario. Your design will include Internet connectivity, IP addressing and routing for routers and firewalls, IP addressing and routing for servers and clusters, and positioning of network services in the Web infrastructure. You will then make appropriate high availability recommendations for the design where required.

Availability requirements

The Government Portal must remain available in the event of a failure of any network component at an ISP or in the data center for the Web infrastructure. In addition to the main portal Web site at the primary data center, three other existing Web sites provided by the portal should remain directly available to Internet users despite single point failures in the network. Each of those other Web sites has its own unique IP address.

Routing protocols

The routing protocols for Internet connectivity must support dynamic updates to respond to failures and manual re-configuration of the network components. The application design team has determined that each Web server or cluster in the User Services tier needs to be directly addressable from the Internet. For those servers that are configured with a default gateway, your design must provide for dynamic failover to a secondary gateway in case of router failure of the primary default gateway.

Isolation requirements

The Business Logic and Data Services tiers should not be accessible to Internet based users. The network for the Business Logic and Data Services tiers should be separated from the network containing the User Services tier servers. Servers in the Data Services tier should be accessible only by the servers in the Business Logic tier.

Positioning servers and services

Web servers in the User Services tier must be accessible from the Internet and they must be able to access the COM+ application servers in the Business Logic tier. The COM+ application servers must be able to access the database servers running SQL Server in the Data Services tier. Additional access to data stored in legacy data stores will be required, and your design must indicate how these external connections will be made. You should locate a staging server for the Web servers in a secure area of the Web infrastructure, but the staging server must be able to communicate directly with the Web servers. Include in your design Active Directory, DNS, WINS, and DHCP requirements as determined in Lab A, Module 3, Course 2088A, Designing a Highly Available Web Infrastructure.

Clustering considerations

If your solution design includes multiple clusters in the User Services tier, you must provide a way to load balance inbound client requests among the multiple clusters. You will also need to consider the following components:

• Use Network Load Balancing for load balancing requests to Web servers
• Use component load balancing for load balancing requests to COM+ application servers
• Use Microsoft Cluster service for WINS, DHCP, and database servers running SQL Server

Your solution should include other Microsoft technologies where appropriate.

Design baseline

Use the architectural design shown in the following graphic as a baseline when answering the questions.

[Figure: design baseline diagram. Labels: Internet, Firewall, Web Cluster, Ethernet Segment, COM+ Cluster, SQL Server Cluster]

Lab questions

How will you provide high availability for the connections to the Internet?
The design should include at least two connections to the Internet that separate ISPs provide. Because the front-end Web servers will have Internet routable IP addresses, there will be a minimum of two different subnets that are connected to the Internet.

How will you design IP addressing and routing for the routers and firewalls? Include in your design the public and private address spaces required, and the routing protocols for each network segment that you define. If a dynamic routing protocol is not used on a segment, you must define how fault tolerance is being addressed for that network segment.

Each firewall or router will require an Internet routable IP address for each subnet to which it is connected. Because the Web servers will require Internet routable IP addresses, the internal interfaces of the routers must also have Internet routable IP addresses. You must configure the routers to use RIP version or OSPF to support dynamic updates to the network routing table. The ISPs will also likely require RIP and OSPF to support the Border Gateway Protocol. You could also implement HSRP to load balance router traffic and provide for automatic failover of the default gateway for hosts on the subnet. Alternatively, by specifying multiple default gateways in your host configurations, you can define static load balancing among the routers while still supporting a failover capability. NAT will not be necessary because the Web servers will require Internet routable IP addresses.

How will you design IP addressing for the individual servers and clusters?
You must select appropriate address spaces and allocate IP addresses to the servers and clusters in the solution.

a. User Services tier

Each Web server requires a dedicated, Internet routable IP address on the Internet facing adapter. In addition, the Web servers in a cluster will share four virtual IP addresses, which resolve to each individual Web site that the cluster hosts. The dedicated IP addresses and virtual IP addresses must be on the same subnet. The internal facing adapters on each Web server will use private IP addressing, sharing an isolated subnet with the front-end adapters of the Business Logic servers. Private IP addresses should come from the following reserved network addresses:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

The subnet mask selected for the private networks should result in a large enough IP address range to allow for sufficient growth of servers in the Web infrastructure.

b. Business Logic tier

The Business Logic servers will be connected to two different isolated subnets, thus requiring private IP addresses on two adapters. The front-end adapter will share an isolated subnet with the Web servers, and the back-end adapter will share an isolated subnet with the Data Services servers.

c. Data Services tier

Each database server running SQL Server will require connection to two isolated subnets with private IP addresses: the first is connected to the isolated subnet that the Business Logic servers share, the second is connected to an isolated heartbeat network that includes only the other node(s) in the server cluster. Also, each cluster as a whole requires an IP address for the cluster itself, and an additional IP address for each virtual server that is created on the server (for example, each SQL Server instance). These IP addresses must be on the same subnet as the isolated subnet shared with the Business Logic tier.

How should you design routing between the servers in the User Services, Business Logic, and Data Services tiers?

Routing for the User Services tier should include a fault tolerant default gateway to the Internet. Outbound traffic can go through a different router than inbound traffic. There should be no internal routing necessary for the Web servers beyond the back-end subnet to which they are attached, along with the Business Logic tier. Domain controllers for the portal.government domain in the User Services tier will require routing to the internal network to maintain a trust relationship to the corpnet.government Active Directory forest.

In the Business Logic and Data Services tiers, each server can communicate directly with servers on the same subnets to which they are attached. This direct communication means that the servers in the Business Logic tier can communicate directly with the Web servers and the servers in the Data Services tier. The domain controllers for the child domain of corpnet.government, which support these tiers, will require routing to the internal network to communicate with the corpnet.government Active Directory forest domain controllers.

Because Network Load Balancing is being used for load balancing the Web servers, and you have a minimum of two subnets for the Web servers, you will also have a minimum of two clusters of Web servers. Therefore, round robin DNS records for each Web site should be made in the external DNS servers to balance the load between the clusters. There will be a unique virtual IP for each Web site in each cluster.

Where should you place network servers and services for the Web infrastructure in the following tiers?
a. Internet

External DNS servers for Web site name resolution must be on the Internet. Firewalls must be on the Internet to provide the first line of defense against malicious attacks.

b. User Services

Routers must be the first in line in this tier to provide connectivity to and from the Internet through the ISPs. Web servers must be in the tier to communicate directly with clients on the Internet. You may use Application Center on the Web servers to provide various cluster management capabilities in addition to Network Load Balancing. Domain controllers and Active Directory DNS servers for the portal.government domain must be in this tier for the Web servers domain membership and public user accounts.

c. Business Logic

A secondary firewall should separate this tier from the User Services tier. The COM+ application servers should be in this tier so that they can communicate with both the Web and data servers. The COM+ servers will need to use Application Center to load balance with component load balancing. The staging server should also be in this tier so that it can communicate with the Web servers.

d. Data Services

Server clusters of database servers running SQL Server with WINS and DHCP services should be in this tier. Domain controller/DNS servers for the new child domain of corpnet.government should also be in this tier so that servers in both the Business Logic and Data Services tiers can use their services.

e. Intranet

A domain controller for the portal.government domain should be placed on the internal network to allow for employee queries of that Active Directory. Having a domain controller on the internal network will require special firewall rules or that you create a virtual private network (VPN) tunnel ...
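The addressing and placement rules in the lab answers above (Internet routable addresses only on the Web servers' Internet facing adapters, private addresses on every isolated subnet, each tier attached only to its neighbouring subnets, virtual IPs on the same subnet as the dedicated IPs) can be checked mechanically against a draft plan. The following Python check is an added example, not part of the course material; the segment names, host names and all addresses are constructed assumptions.

```python
import ipaddress as ip
# The three reserved private ranges listed in the lab answer.
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Segments each tier attaches to in the lab answer; the segment names are hypothetical.
TIER_SEGMENTS = {"web": {"public", "web-logic"},
                 "logic": {"web-logic", "logic-data"},
                 "data": {"logic-data", "heartbeat"}}

def is_private(addr):
    return any(addr in net for net in RFC1918)

def check_plan(segments, hosts, vips):
    """Return every violation of the tier addressing and isolation rules."""
    nets = {name: ip.ip_network(cidr) for name, cidr in segments.items()}
    problems = []
    for host, (tier, adapters) in hosts.items():
        if set(adapters) != TIER_SEGMENTS[tier]:
            problems.append(f"{host}: {tier} tier host attached to {sorted(adapters)}")
        for seg, text in adapters.items():
            addr = ip.ip_address(text)
            if addr not in nets[seg]:
                problems.append(f"{host}: {addr} is outside {seg} ({nets[seg]})")
            # Only the public segment may carry non-private addresses, and vice versa.
            if is_private(addr) == (seg == "public"):
                problems.append(f"{host}: wrong address class {addr} on {seg}")
    for cluster, (seg, addrs) in vips.items():
        for text in addrs:  # virtual IPs must share the subnet of the dedicated IPs
            if ip.ip_address(text) not in nets[seg]:
                problems.append(f"{cluster}: virtual IP {text} is outside {seg}")
    return problems

# Constructed sample plan. 198.51.100.0/24 is a documentation range standing in
# for the Internet routable subnet an ISP would assign.
SEGMENTS = {"public": "198.51.100.0/24", "web-logic": "10.10.1.0/24",
            "logic-data": "10.10.2.0/24", "heartbeat": "192.168.50.0/29"}
GOOD_HOSTS = {
    "web1": ("web", {"public": "198.51.100.11", "web-logic": "10.10.1.11"}),
    "com1": ("logic", {"web-logic": "10.10.1.21", "logic-data": "10.10.2.21"}),
    "sql1": ("data", {"logic-data": "10.10.2.31", "heartbeat": "192.168.50.1"}),
}
GOOD_VIPS = {"web-cluster": ("public", ["198.51.100.101", "198.51.100.102"]),
             "sql-cluster": ("logic-data", ["10.10.2.40", "10.10.2.41"])}
# Deliberately broken variant: a Web server wired straight to the data subnet,
# and a cluster virtual IP placed on the wrong subnet.
BAD_HOSTS = {**GOOD_HOSTS,
             "web2": ("web", {"public": "198.51.100.12", "logic-data": "10.10.2.99"})}
BAD_VIPS = {**GOOD_VIPS, "sql-cluster": ("logic-data", ["10.10.1.40"])}

if __name__ == "__main__":
    print("\n".join(check_plan(SEGMENTS, BAD_HOSTS, BAD_VIPS)))
```

The private-range test is done against the three listed prefixes rather than with `ipaddress`'s built-in `is_private`, which also flags documentation and other special-purpose ranges.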

Date posted: 24/01/2014, 10:20
