CCNP Training Boot Camp
|
Deployment and Operational ManagementCluster administrators
Administrators can specify groups or individuals
that are allowed to manage the cluster. Because NLB
does not implement a cluster-wide administrative
account, the cluster administrator must ensure that
an appropriate administrative account with
Administrator privileges has been enabled on all
cluster hosts. This account is used by NLB
management tools, such as NLB Manager and the NLB
control program, wlbs.exe, to administer individual
NLB hosts. To simplify this process and ensure
uniform access on all hosts, it is preferable to use
a single domain or global group account for this
purpose.
Using the cluster administrative tools through a firewall
The NLB control program, wlbs.exe, should only be
used on NLB hosts or, when remote control operations
have been enabled, only on a trusted, internal
computer within the firewall. By default, remote
control operations are disabled, and they must only
be enabled if the NLB cluster has been protected by
a firewall that blocks UDP control ports 1717 and
2504. Otherwise, unauthorized remote control packets
could be delivered to NLB hosts and thereby cluster
operations.
The NLB Manager administrative tool can safely be used on trusted computers outside the firewall. This tool uses a secure method of communication to access NLB hosts. NLB Manager uses WMI interface to manage NLB hosts. Please refer to WMI/DCOM documentation to see what ports to unblock to allow WMI/DCOM access from outside the firewall. Nevertheless, make sure that this tool is only executed on a trusted, remote computer. Using Kerberos Authentication in an NLB Cluster
NLB does not use its own cluster-wide authentication
mechanism for cluster administration. Instead, NLB
management tools use an appropriate administrative
account, which must be enabled with administrative
privileges on each NLB host. If a domain account is
used for this purpose, it will use Kerberos
authentication to control access to NLB hosts.
Using NLB to support VPN connections
NLB can be used to load balance virtual private
network connections using the PPTP protocol in
Windows 2000 and using both the PPTP or IPSec
protocols in Windows Server 2003. When using IPSec,
some client sessions may be disrupted when a new NLB
host joins the cluster. This issue has been
corrected in Windows XP SP1 and in Windows Server
2003.
Network Security
To coordinate their actions, all NLB hosts
communicate with each other by periodically
exchanging heartbeat messages on a common subnet,
which is also used to receive incoming client
requests. This subnet must be physically protected
from intrusion. Otherwise, unauthorized heartbeat
messages could be delivered to NLB hosts and disrupt
cluster operations. Note that NLB heartbeat messages
use a uniquely assigned Ethertype (0x886F) which is
not normally routed across subnets. However, the
cluster administrator must ensure that unauthorized
computers and devices which could emit invalid NLB
heartbeat packets are not placed directly on the NLB
subnet. The effects of these disruptions are
described below in the subsection "Rogue Servers".
Network Flooding
NLB cluster hosts may be affected by denial of
service attacks, which flood the cluster with
invalid network packets. These attacks can create
additional CPU and network load on the cluster hosts
and thereby delay the handling of valid client
requests. In addition, they can cause NLB hosts to
increase their memory usage up to parameterized
limits. These limits are adjustable by setting
registry variables on each NLB host, as described in
the Windows 2000 Resource Kit. In extreme cases, a
high volume of invalid network packets can disrupt
extant client connections and require affected
clients to reconnect to the cluster. Note that the
Windows network protocol stack and server
applications, such as Web servers, also may be
affected by denial of service attacks.
Rogue Servers
Rogue NLB servers on an NLB subnet could emit
heartbeat packets that disrupt cluster operations.
Disruptions can include impeding NLBs convergence
process such that cluster hosts cannot be added and
recovery for a failed host cannot be completed. In
addition, disruptions can block some or all of NLBs
service to clients. NLB subnets must be physically
protected from intrusion by unauthorized computers
and devices.
Best practices
To summarize, best practices for NLB cluster
administrators:
|
Vibrant MCSE Boot camp San Mateo California offers Payless MCSE boot camp, MCSE training boot camp, MCSE certification boot camp, MCSE Cisco Boot camp, MCSE Certification training boot camp. MCSE Training certification boot camp, MCSE Boot Training Camp, MCSE boot certification camp, MCSE UK Boot camp, MCSE san Mateo Boot camp, MCSE Japan boot camp, MCSE USA Boot camp, MCSE Europe Boot camp, MCSE guaranteed boot camp.
- Do you want to
become Real MCSE, CCNA or CCNP certified?
- Do you want to
Payless for certification?
- Do you want to finish in 2/3 weeks?
MCSE Boot camp, MCSE CCNA CCNP Boot
camp, MCSE / MCSA Boot camp ...
Offers boot camp training on
Microsoft MCSE, MCSD.NET, MCDBA, Cisco CCNA, CCNP,
Citrix CCA, Oracle, Java J2EE, CompTIA, Check Point and Red
Hat Linux ...
Cisco CCNA Boot Camp Training - One Week
CCNA BootCamp
We Specialize in Cisco CCNA & CCNP Boot
Camp Training and Microsoft MCSE and MCSA
Boot Camp Training Courses.
Certification Cisco Boot Camp training
classes CCNP CISSP CCSP CCIE
We provide GUARANTEED nationwide MCSE and
Cisco Boot Camps as well as Java, Linux,
Oracle, CIW, i-Net+, Network+, XML, and A+ certification
training.
MCSE Boot Camp Cisco training certification CISSP classes MCAD MCSD
Offers A+, MCSE, Oracle, MCDBA, Cisco CCNA, and CCNP certification training boot
camps nationwide.
Ccie Bootcamp Training - Learn ccie
bootcamps study Ccie ...
ccie bootcamp Courses and Ccie
Bootcamp Training. ... ccie bootcamp :
CCIE
certification training bootcamp in Mumbai, India ·
workshop / seminar CCIE ...
Ccnp Boot Camp Training - Learn ccnp boot camps study Ccnp Boot ...
ccnp boot camp Courses and Ccnp Boot Camp Training.
Heinz Ulm's Training and Bootcamp
exercises, deepening skills. Quiet,
comfortable training rooms to support your
CCIE studying needs ... US CCNP Boot camp
student: "I'm tickled to death!" ...
BootCamp MCSE, CCNA Training
-Resources.
Bootcamps and Training MCSE/MCSA,
CCNA/CCNP, Others. Advantages of attending boot
camps over self learning:. 1. Fast and focused
learning: Usually, the boot ...
Unitek: Training: Cisco: 13-Day Official
CCNP Boot Camp
Unitek Information Sytems offers high-end IT
training, consulting and contracting
services. Unitek is an authorized microsoft certified
training education ...
CCNP Boot Camp Training Course
CCNP Boot Camp Training Course.
GlobalNet's CCNP 11-Day course will provide you
with everything you need to pass your CCNP exams -
Guaranteed.
MCSA : MCSE : MCSE + Security : CCNA : CCNP : Bootcamp : MCSE training : Vibrant MCSE : Vibrant CCNA : Vibrant CCNP : camp : MCITP Boot Camp : CCNA MCITP Boot Camp : CCNA MCSE Boot Camp : MCITP MCSE Boot Camp : MCSE MCITP CCNA Boot Camp : Upgrade MCITP Boot Camp : Upgrade to MCITP CCNA Boot Camp : MCITP MCSE UPGRADE MCITP Boot Camp: : Home : links : Resources : Ref1 : Ref2
|
