THE INFORMATION IN THIS ARTICLE APPLIES TO:
This article discusses installing DMZ Gateway in a failover cluster and upgrading DMZ Gateway in a failover cluster. This article DOES NOT detail configuration for a High Availability (Active/Active) cluster scenario.
Set up DMZ Gateway in a clustered environment using Microsoft Clustering Services or Globalscape’s monitoring utilities and achieve high availability through failover clustering.
If you have Microsoft Clustering Service (MSCS) deployed, you can use its built-in Resource Monitor to manage the availability of DMZ Gateway. MSCS can manage DMZ Gateway as a generic service.
Clustering setups vary between operating systems, hardware resources used, and various other factors. If you have never set up a server cluster before, please consult your Windows documentation or the Cluster Administrator help file for detailed instructions on setting up a server cluster prior to proceeding. The focus of these instructions is for setting up DMZ Gateway in a pre-existing clustered environment.
Deploying DMZ Gateway in a clustered environment as described in this document is typically the most reliable method to achieve high availability and mitigate down time. For more information specific to clustering with DMZ Gateway, contact Globalscape Customer Support.
For information regarding clustering in Windows Server 2012, refer to the following articles:
Prerequisites for DMZ Gateway in a Clustered Setup
- Operating System requirements
- Microsoft Clustering Service as available on:
- Windows Server 2003 R2 32-bit and 64-bit (IPv6 is not supported)
- Windows Server 2008 R2 (Standard, Enterprise, and Datacenter editions)
- Windows Server 2012 R2 (Standard, Enterprise, and Datacenter editions)
- Hardware and resource requirements
- A complete system for each node of the cluster (minimum of two)
- A shared disk resource such as DAS, or SANS, preferably configured as a RAID-redundant array
- A disk quorum for disk and resource management; a minimum of two adapters per system (one for internal cluster communications, and another for public access)
- Skill Set
- A systems or network administrator familiar with the organization’s structure and skilled in networking, Active Directory (AD), and cluster administration.
Configure the DMZ Gateway Cluster
Perform the steps below to configure clustering before setting up DMZ Gateway on the system.
- Make sure the hardware is set up correctly and there is a shared disk resource, disk quorum, hub, or switch with Ethernet hookups between the two DMZ Gateways, as well as adapters for the crossover and for outside access, an adequate uninterruptible power supply (UPS) support for each device, and so on.
- Make sure you install an operating system that supports clustering on each system.
- Install Active Directory (AD) and configure the domain name service (DNS) on the first node. Choose one of DMZ Gateways to be node 1. The administrator password cannot be left blank.
- Create an account for the cluster in AD with a non-blank password and assign the account to the Administrators group.
- Join the second node to the AD domain.
- Reboot, then log in to the first node with the cluster account.
- Launch the Cluster Configuration Manager from the Add/ Remove Windows components dialog box and create a new cluster.
Complete the new cluster creation wizard, providing a name for the cluster and cluster account credentials. Allow it to manage the disk, quorum, and other shared resources. Verify the quorum drive is correct, and select the private network option. Use one adapter for the cluster nodes and the other for the public network. Specify the IP address for managing the cluster.
- Run the cluster configuration tool on the second node and configure it to be an additional node in the cluster. You will need to provide the cluster name and appropriate cluster account credentials.
- After you have completed the cluster configuration wizard, verify that the two nodes are set up properly from the cluster administrator dialog box. (To access the cluster administrator, click Start > Programs > Administrative Tools > Cluster Administrator.)
- In the left pane, right-click the Resources folder, click New > Resource, then specify the shared IP address on which the DMZ Gateways will listen. Note that DMZ Gateway captures the IP address when the DMZ Gateway service starts, so if the IP address is changed after that, the service must be restarted to capture it.
Configure DMZ Gateway to Run in a Clustered Environment
After you install and configure clustering on the system, perform the following procedure to configure DMZ Gateway in the cluster.
- Install DMZ Gateway on the active node.
- Specify the installation directory for DMZ Gateway:
- For DMZ Gateway 3.0-3.2.x, select the shared disk drive as the installation directory.
- For DMZ Gateway 3.3.x:
- For the installation files, specify a location local to the server.
- For the configuration files, specify a shared disk location.
- When the install completes, launch the product. Connect to DMZ Gateway using the administrator account that you created during installation.
- Open the Services dialog box (in Windows Administrative Tools), open the DMZ Gateway service Properties dialog box, then switch the startup mode from Automatically to Manual.
- Stop the DMZ Gateway service, close the Services dialog box, and launch the Cluster Administrator.
- In the Cluster Administrator, make the second node active: In the left pane, click Groups, right-click the appropriate cluster and disk groups, then click Move Group. All resources should move from the first node over to the second node so that the second DMZ Gateway installation succeeds. If not, the shared disk will lock for the second node. It may take a few moments for the resources to switch over.
- Install DMZ Gateway on the second node once it is active (also to the shared directory), following steps above, and then exit the Services dialog box without stopping the DMZ Gateway service.
- Launch the administration interface, connect to the DMZ Gateway service on the second node, and configure DMZ Gateway.
Integrate DMZ Gateway into the Cluster
After you have set up the DMZ Gateway cluster and configured DMZ Gateway to run in a clustered environment, DMZ Gateway configuration is identical for both DMZ Gateways because both are using the same configuration file stored on the shared disk, saving data to the same place, and sharing the same outside-facing IP address.
To integrate DMZ Gateway into the cluster
- Open the cluster administrator. In the left pane, right-click the Resources folder, click New Resource, expand the Create New Resource list, then click Generic Services.
- Choose both nodes, select all resources as dependencies, then type the exact service name as displayed in the Windows Services dialog box (e.g., "DMZ Gateway Server"; it must be exact, including case.) Do not choose to replicate the registry settings.
- Click Finish to add the service as a resource.
Complete Cluster Configuration and Test
After you set up the DMZ Gateway cluster, configured DMZ Gateway to run in a clustered environment, and integrated DMZ Gateway into the cluster, you should have both nodes configured with shared resources, including a shared IP address, disk array, quorum, and two DMZ Gateways.
Perform tests to ensure the system was correctly configured.
- In the Cluster Manager, right-click the DMZ Gateway Server service, then click Bring Online.
- Open the DMZ Gateway administration interface and verify that it is online.
- In the Cluster Manager, right-click the DMZ Gateway Server service then click Bring Offline.
- In the DMZ Gateway administration interface, verify that the service has stopped.
- Cause a failover to confirm the service can be started on each node automatically.
- Configure the remote server to connect to DMZ Gateway using the cluster IP address (IP address that the cluster shares).
- Verify that the DMZ Gateway administration interface has a green light (to show that the server has connected).
- Verify that the failover allows the server to continue to be connected to a DMZ Gateway in the cluster.
Your cluster setup is now complete.
If one DMZ Gateway goes down, you lose any transactions in progress until the failover goes online.
Upgrading DMZ Gateway in a Cluster
To upgrade DMZ Gateway in a cluster
- Obtain the new installation file(s).
- Bring down the cluster (from within the cluster manager). It is critically important that DMZ Gateway service is STOPPED on both nodes!
- Verify that the DMZ Gateway service is stopped by logging in to each node and inspecting the service control panel. For extra assurance you can change the startup type to Manual from Automatic. (Make sure to switch it back before you bring the cluster back up in step 7 below.)
- Run the installer on the first node and select Upgrade when prompted.
- Run the installer on the second node and select Upgrade when prompted.
- If you changed DMZ Gateway service startup to Manual in step 4, change it back to Automatic
- Bring the cluster back up.
- Verify the upgrade was successful:
- Verify that DMZ Gateway is running on the primary node.
- Disable the primary node and verify secondary node starts up.
- Open the DMZ Gateway administration interface and verify that the version number is the same on both nodes (click Help > About).