New Project - Thoughts? (CentOS, HAProxy, Load Balance)...

Jimmy9008

@coliver

@coliver said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Why do you want to load balance multiple IIS instances? Are your individual web servers so big that you can't grow them any longer?

The end goal is to 4 x IIS VMs with each being on a different host. Each VM runs the same site (so 4 running copies on different hardware). With load balancer, especially if they can work as a redundant pair too on separate hosts, we'd have to lose all four IIS VMs, or both Internet lines, or both load balancers, or all four hosts to be unavailable to clients.

Or power/flood/Cloudflare issues/what not.

But in terms of what we have available to us, its within reach to at least have better capability with what we can control. I just need to understand what tools to use now, be in HAProxy, NGINX, NetScaler... etc

But why? What's the benefit to this?

Currently, if IIS website A is running on a VM on Host1, and that host dies, we're down. We have to turn the replica VM on which is on Host2. That's not automatic. By having that website on two VM's, one on Host 1 and one on Host 2, with a load balancer, the lb would stop directing traffic to the failed one and push everything to the live one. The service is better for customers...

Also, for things like Windows Updates. I can take VM 1 out of the load balancer at say midnight, then update the VM, then bring back in... all without any real issues to customers.

Currently, we would affect customers with such things...

This is built into IIS. I'm trying to remember what Microsoft calls it, but you can do it with DFS.

If you have any details, i'd appreciate seeing them...

Romo

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Currently, if IIS website A is running on a VM on Host1, and that host dies, we're down. We have to turn the replica VM on which is on Host2. That's not automatic. By having that website on two VM's, one on Host 1 and one on Host 2, with a load balancer, the lb would stop directing traffic to the failed one and push everything to the live one. The service is better for customers...

I think you are confusing failover with load balancing. I totally see the benefit to having failover, I don't see any to load balancing. That's why I keep prying. I think that you are looking for the wrong solution. Not that the products aren't the same, but your needs and goals are different.

Load balancing is for when you are too big for one system to host. Until you are that big, load balancing is a negative.

Part of load balancing is to stop directing traffic to down instances right? If

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Also, for things like Windows Updates. I can take VM 1 out of the load balancer at say midnight, then update the VM, then bring back in... all without any real issues to customers.

Currently, we would affect customers with such things...

Also does not need load balancing

Wouldn't load balancing give us what we want here? Load balancer will direct traffic away from a down node. Yes, its not a 'failover', you're right... but customers are not affected...

The goal of fail-over is to allow work that would normally be done by one server to be done by another server should the regular one fail.

Load balancing lets you spread load over multiple servers. You would want to do this if you were maxing out your CPU or disk IO or network capacity on a particular server.

Jimmy9008

@Romo said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Currently, if IIS website A is running on a VM on Host1, and that host dies, we're down. We have to turn the replica VM on which is on Host2. That's not automatic. By having that website on two VM's, one on Host 1 and one on Host 2, with a load balancer, the lb would stop directing traffic to the failed one and push everything to the live one. The service is better for customers...

I think you are confusing failover with load balancing. I totally see the benefit to having failover, I don't see any to load balancing. That's why I keep prying. I think that you are looking for the wrong solution. Not that the products aren't the same, but your needs and goals are different.

Load balancing is for when you are too big for one system to host. Until you are that big, load balancing is a negative.

Part of load balancing is to stop directing traffic to down instances right? If

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Also, for things like Windows Updates. I can take VM 1 out of the load balancer at say midnight, then update the VM, then bring back in... all without any real issues to customers.

Currently, we would affect customers with such things...

Also does not need load balancing

Wouldn't load balancing give us what we want here? Load balancer will direct traffic away from a down node. Yes, its not a 'failover', you're right... but customers are not affected...

The goal of fail-over is to allow work that would normally be done by one server to be done by another server should the regular one fail.

Load balancing lets you spread load over multiple servers. You would want to do this if you were maxing out your CPU or disk IO or network capacity on a particular server.

Yes, I get the merit of load balancing. If I am load balancing over multiple VMs on multiple physical boxes, as soon as a host/VM is dead, the load balancer takes the server/VM out of the pool of where to direct clients. One request or so dropped. Very small downtime.

If a host dies but I have to wait for the VM to failover to a second node as part of a windows failover cluster, that takes much longer. The cluster has to realise the VM is down, then bring up and boot it on another host.

By having load balancing do this, as soon as the IIS server stops serving HTTP requests, the LB would take it out of the pool and traffic continues...

I also get the benefit that I can take a VM out of the pool to patch etc, without bringing the service down.

scottalanmiller

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Currently, if IIS website A is running on a VM on Host1, and that host dies, we're down. We have to turn the replica VM on which is on Host2. That's not automatic. By having that website on two VM's, one on Host 1 and one on Host 2, with a load balancer, the lb would stop directing traffic to the failed one and push everything to the live one. The service is better for customers...

I think you are confusing failover with load balancing. I totally see the benefit to having failover, I don't see any to load balancing. That's why I keep prying. I think that you are looking for the wrong solution. Not that the products aren't the same, but your needs and goals are different.

Load balancing is for when you are too big for one system to host. Until you are that big, load balancing is a negative.

Part of load balancing is to stop directing traffic to down instances right? If

Not really. That's failover. Loadbalancers do that, but it is NOT load balancing. It's a different action. What you want is failover WITHOUT load balancing.

scottalanmiller

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Wouldn't load balancing give us what we want here? Load balancer will direct traffic away from a down node. Yes, its not a 'failover', you're right... but customers are not affected...

Absolutely not. Pure load balancing would keep directing traffic to the dead node. You are mixing concepts together because people often use the same devices for both and have gotten stuck talking about the wrong one of the two.

Jimmy9008

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Currently, if IIS website A is running on a VM on Host1, and that host dies, we're down. We have to turn the replica VM on which is on Host2. That's not automatic. By having that website on two VM's, one on Host 1 and one on Host 2, with a load balancer, the lb would stop directing traffic to the failed one and push everything to the live one. The service is better for customers...

I think you are confusing failover with load balancing. I totally see the benefit to having failover, I don't see any to load balancing. That's why I keep prying. I think that you are looking for the wrong solution. Not that the products aren't the same, but your needs and goals are different.

Load balancing is for when you are too big for one system to host. Until you are that big, load balancing is a negative.

Part of load balancing is to stop directing traffic to down instances right? If

Not really. That's failover. Loadbalancers do that, but it is NOT load balancing. It's a different action. What you want is failover WITHOUT load balancing.

It is a different action, yes. Correct. It is however included by using a load balancer. So why wouldn't I use that for accomplishing this?

scottalanmiller

@Romo said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Load balancing lets you spread load over multiple servers. You would want to do this if you were maxing out your CPU or disk IO or network capacity on a particular server.

And to clarify, you would ONLY want to do this if that were true.

Jimmy9008

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Wouldn't load balancing give us what we want here? Load balancer will direct traffic away from a down node. Yes, its not a 'failover', you're right... but customers are not affected...

Absolutely not. Pure load balancing would keep directing traffic to the dead node. You are mixing concepts together because people often use the same devices for both and have gotten stuck talking about the wrong one of the two.

Ok, fair do's. So what would you suggest to use here?

scottalanmiller

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Currently, if IIS website A is running on a VM on Host1, and that host dies, we're down. We have to turn the replica VM on which is on Host2. That's not automatic. By having that website on two VM's, one on Host 1 and one on Host 2, with a load balancer, the lb would stop directing traffic to the failed one and push everything to the live one. The service is better for customers...

I think you are confusing failover with load balancing. I totally see the benefit to having failover, I don't see any to load balancing. That's why I keep prying. I think that you are looking for the wrong solution. Not that the products aren't the same, but your needs and goals are different.

Load balancing is for when you are too big for one system to host. Until you are that big, load balancing is a negative.

Part of load balancing is to stop directing traffic to down instances right? If

Not really. That's failover. Loadbalancers do that, but it is NOT load balancing. It's a different action. What you want is failover WITHOUT load balancing.

It is a different action, yes. Correct. It is however included by using a load balancer. So why wouldn't I use that for accomplishing this?

It is included in SOME load balancing. Only when the device in question is more than a load balancer. Why do you not use a car for watching television even when it includes seats? You are looking for the wrong action, you are really stuck on this. HA-Proxy or NGinx, which are proxies that do both failover and load balancing, will do what you want... because they have failover proxies NOT because they are load balancers, you want their load balancing component shut off! If you only wanted load balancing ,CloudFlare will do that for you.

scottalanmiller

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

Yes, I get the merit of load balancing. If I am load balancing over multiple VMs on multiple physical boxes, as soon as a host/VM is dead, the load balancer takes the server/VM out of the pool of where to direct clients. One request or so dropped. Very small downtime.

No, you are mixing the concepts back together. He just split them out for you. Failover does what you want, LB does not.

scottalanmiller

NGinx and HA-Proxy are fine tools for this, just DO NOT use them as load balancers. No reason for that complexity, it will have no benefits for you, but will have negatives.

Jimmy9008

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

NGinx and HA-Proxy are fine tools for this, just DO NOT use them as load balancers. No reason for that complexity, it will have no benefits for you, but will have negatives.

Yes, I see this now. Thank you. Wrong terminology from me. My goal then is to have multiple IIS instances running on different hardware (on VMs on different hardware), being routed to through a pair of (somethings?) which will stop routing to any of those sites that are down.

scottalanmiller

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

NGinx and HA-Proxy are fine tools for this, just DO NOT use them as load balancers. No reason for that complexity, it will have no benefits for you, but will have negatives.

Yes, I see this now. Thank you. Wrong terminology from me. My goal then is to have multiple IIS instances running on different hardware (on VMs on different hardware), being routed to through a pair of (somethings?) which will stop routing to any of those sites that are down.

Right, yes, and that's why HA-Proxy doesn't have Load Balancing in its name, but rather High Availability. Because failover is its primary use case.

Jimmy9008

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@Jimmy9008 said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

NGinx and HA-Proxy are fine tools for this, just DO NOT use them as load balancers. No reason for that complexity, it will have no benefits for you, but will have negatives.

Yes, I see this now. Thank you. Wrong terminology from me. My goal then is to have multiple IIS instances running on different hardware (on VMs on different hardware), being routed to through a pair of (somethings?) which will stop routing to any of those sites that are down.

Right, yes, and that's why HA-Proxy doesn't have Load Balancing in its name, but rather High Availability. Because failover is its primary use case.

So NGINX over HAProxy? Or something else?

JaredBusch

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

If you only wanted load balancing ,CloudFlare will do that for you.

Actually, no it will not because all loads are behinds two pipes. So Cloudflare could only partially load balance this. He has multiple servers behind two pipes.

Cloudflare cannot load balance the servers, only the two pipes.

scottalanmiller

@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

If you only wanted load balancing ,CloudFlare will do that for you.

Actually, no it will not because all loads are behinds two pipes. So Cloudflare could only partially load balance this. He has multiple servers behind two pipes.

Cloudflare cannot load balance the servers, only the two pipes.

As long as each server has an IP address, CF will round robin load balance them.

JaredBusch

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

If you only wanted load balancing ,CloudFlare will do that for you.

Actually, no it will not because all loads are behinds two pipes. So Cloudflare could only partially load balance this. He has multiple servers behind two pipes.

Cloudflare cannot load balance the servers, only the two pipes.

As long as each server has an IP address, CF will round robin load balance them.

No Scott, multiple servers on the LAN behind only 2 WAN IP addresses. Cloudflare has no visibility into this. This is basic.

scottalanmiller

@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@JaredBusch said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

@scottalanmiller said in New Project - Thoughts? (CentOS, HAProxy, Load Balance)...:

If you only wanted load balancing ,CloudFlare will do that for you.

Actually, no it will not because all loads are behinds two pipes. So Cloudflare could only partially load balance this. He has multiple servers behind two pipes.

Cloudflare cannot load balance the servers, only the two pipes.

As long as each server has an IP address, CF will round robin load balance them.

No Scott, multiple servers on the LAN behind only 2 WAN IP addresses. Cloudflare has no visibility into this. This is basic.

Oh, I missed that he had only two WAN IP addresses.

Jimmy9008

Hey folks,

I've got this working using CentOS and HAProxy. I also want to do this with Nginx, so will run with that as a lab next week. More I understand that the better. Thanks for sending me down a good path.

Ok, so, with Linux, what is best practice regarding security?
Using CentOS currently. I assume I need to install an AV, what options do I have? From a fresh install, do I need to close any holes? System update has been done already, but I reckon I am missing lots that is a best practice for Linux?

Like i'e said... totally new with Linux so any pointers would be great. Ive seen the guide to Linux admin posted on this site already and will work through that in the coming weeks... but anything I should be wary of? The 'whatever you do, don't do...' sort of thing...

Jimmy9008

In Windows, Remote Access/RDP etc is not enabled OOB. I assume the same in Linux? Unless you can connect to each through a command line/ssh or something, which maybe needs to be enabled/disabled etc...