Module10

Module 10 covers the implementation of Network Load Balancing (NLB) in Windows Server, detailing its features, configuration, and management. NLB enhances scalability and availability by distributing IP traffic across multiple hosts and automatically redistributing traffic in case of host failures. The module includes lessons on planning, configuring NLB clusters, and utilizing PowerShell cmdlets for effective management.

Module 10: Implementing Network Load Balancing

Contents:

Lesson 1: Overview of NLB

Lesson 2: Configuring an NLB cluster

Lesson 3: Planning an NLB Implementation

Lab: Implementing NLB

Module review and takeaways

Module

Network Load Balancing (NLB) is a feature available to computers that run the
Windows Server operating system. NLB uses a distributed algorithm to balance an IP
traffic load across multiple hosts, which in turn helps to improve the scalability and
availability of business-critical, IP-based services. NLB also provides high availability,
because it detects host failures and automatically redistributes traffic to surviving
hosts.

To deploy must understand its scenarios


where appropriate. The main update Windows Server
2008 of a comprehensive set of PowerShell cmdlets.
These cmdlets enhance your ability to automate NLB management in Windows
Server 2012 and later clusters.

1 of 43 3/12/2019, 1:30 PM
about:blank

This module introduces you to NLB and shows you how to deploy this technology.
This module also discusses the situations for which NLB is appropriate, how to
configure and manage NLB clusters, and how to perform maintenance tasks on NLB
clusters.

Objectives
After you will be able to:

• Describe

• Configure cluster.

• Explain how to plan an NLB implementation.

Lesson 1: Overview of NLB

Before need to have a good types of


server high availability technology you do
not understand functionality, you might deploy that does not
accomplish your overall objectives. For example, you need to understand why NLB is
appropriate for web applications, but not for Microsoft SQL Server databases.

This lesson provides an overview of NLB, and its features in Windows Server 2016. It
also describes how NLB works under normal circumstances, and how it works during
server recovery.

Lesson objectives
After completing this lesson, you will be able to:

• Describe the NLB technology.

• Describe how NLB works.

• Explain how NLB accommodates server failures and recovery.

• Describe the NLB features in Windows Server 2016.

What

NLB is a scalable, high-availability feature that you can install on all editions of
Windows Server 2016. NLB distributes network traffic across a set of servers,
balancing the workload each server must handle. It is scalable because it enables
you to also called nodes or in an NLB
cluster is a computer, either is
running 2016 operating system. runs a copy
of the are also running on cluster.

Windows Server 2016 NLB clusters can have between 2 and 32 nodes. When you
create an NLB cluster, it creates a virtual network address and virtual network
adapter. The virtual network adapter has an IP address and a media access control
(MAC) address. Network traffic to this address is distributed evenly across the nodes
in the cluster. In a basic NLB configuration, each node in an NLB cluster services
requests at a rate that is approximately equal to that of all other nodes in the cluster.
When an NLB cluster receives a request, it forwards that request to the node that
currently is the least used. You also can configure NLB to direct traffic to a specific
host,

NLB applications such as


applications not matter which web to when
connecting application. NLB is not suitable applications such
as traditional file servers and database servers. This is because these applications
require a persistent connection to a particular server, rather than having any server
handle the connection.

NLB means that if one of the goes


offline, be forwarded to that nodes in the
cluster requests. When the service,
incoming redirected until traffic is in the
cluster.

How NLB works

When you configure an application to use NLB, clients address the application using
the NLB than the address the NLB
cluster. address is a virtual address NLB cluster
share.

NLB following manner:

• All hosts in the NLB cluster receive the incoming traffic, but only one node in the
cluster—which is determined through the NLB process—accepts that traffic. All
other nodes in the NLB cluster drop the traffic.

• The that accepts the traffic configuration


of settings. Through these determine if a
particular traffic that uses a particular or
whether cluster will accept and

NLB also sends traffic to nodes based on current node use. It directs new traffic to
nodes that are the least used. For example, if you have a four-node cluster where
three nodes respond to requests from 10 clients and one node responds to requests
from five clients, the node that has fewer clients will receive more incoming traffic
until use is more evenly balanced across the nodes.

How NLB works with server failures and recovery

NLB can detect the failure of cluster nodes. When a cluster node is in a failed state,
NLB removes it from the cluster, and the hosts in the cluster do not direct new traffic
to the node. It uses heartbeats to detect the failure. NLB cluster heartbeats transmit
every second between nodes in a cluster. A node is removed automatically from an
NLB consecutive heartbeats. over a
network from the network access the
cluster.

When remove a node from a cluster, convergence


occurs. Convergence is the process where a new list of cluster members is created
and the cluster members record the current configuration of the cluster. Convergence
can only occur if you configure each node with the same port rules.

You can configure nodes to rejoin a cluster automatically, by configuring the Initial
host state setting on the node’s properties by using the Network Load Balancing
Manager. By default, a host that is a member of a cluster will attempt to rejoin that
cluster automatically. For example, after you apply a software update, if you restart a
server NLB cluster, the server
automatically process completes.

You manually from NLB remove a


node, perform a Stop or a Drainstop Stop action
terminates all existing connections to the cluster node and stops the NLB service.
The Drainstop action blocks all new connections without terminating existing
sessions. After all current sessions end, the NLB service stops.

NLB failure; it cannot detect means


that but the server remains cluster will
continue cluster node that application. One
way to implement a monitoring Microsoft
System Operations Manager. With System Manager
(Operations you can monitor the functionality applications. You also can
configure Operations Manager to generate an alert if an application on a cluster node
fails. An alert, in turn, can configure a remediation action, such as restarting services,
restarting the server, or withdrawing the node from the NLB cluster so that the node
does not receive further incoming traffic.
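
Because NLB heartbeats say nothing about application health, a node-local probe can withdraw the node when the application stops answering. The script below is an added example, not part of the original course material, and it uses a scheduled script instead of Operations Manager. The probe URI, the host name www.adatum.com used elsewhere in this module, and the failure threshold are assumptions.

```powershell
#Requires -RunAsAdministrator
Import-Module NetworkLoadBalancingClusters

# Assumptions (not from the course text): the web application answers on this
# node's own address when the request carries the cluster host name.
$NodeUri     = "http://$env:COMPUTERNAME/"
$HostHeader  = 'www.adatum.com'
$MaxFailures = 3      # consecutive failed probes before the node is withdrawn

# Probe the application on this node only. Probing the cluster address would
# be answered by whichever node NLB selects and would hide a local failure.
function Test-LocalApp {
    param([string]$Uri, [string]$HostName)
    try {
        $request         = [System.Net.WebRequest]::Create($Uri)
        $request.Host    = $HostName   # cluster name in the Host header
        $request.Timeout = 5000        # milliseconds
        $response = $request.GetResponse()
        try { return ([int]$response.StatusCode -eq 200) }
        finally { $response.Close() }
    }
    catch {
        # Timeouts, refused connections and 4xx/5xx responses all land here.
        return $false
    }
}

# Retry before acting so that one slow response does not remove a healthy node.
$failures = 0
while ($failures -lt $MaxFailures -and
       -not (Test-LocalApp -Uri $NodeUri -HostName $HostHeader)) {
    $failures++
    Start-Sleep -Seconds 5
}

if ($failures -ge $MaxFailures) {
    Write-Warning "Application probe failed $failures times; draining this NLB node."
    # Drainstop: block new connections and let existing sessions finish.
    # -Timeout bounds the wait before remaining connections are dropped.
    Stop-NlbClusterNode -Drain -Timeout 10
}
else {
    Write-Output "Application probe succeeded; node stays in the cluster."
}
```

The node stays out of the cluster until an administrator fixes the application and starts the node again, so a failing application cannot rejoin by itself.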

NLB Windows Server 2016

The most substantial change to NLB features after Windows Server 2008 is the
inclusion PowerShell support. The NetworkLoadBalancingClusters
module NLB–related cmdlets. This module on a
server install the NLB Remote Administration Tools
(RSATs).

The Windows PowerShell NLB-related cmdlets have the nouns and verbs listed in
the following table.

Windows PowerShell NLB nouns | Description | Windows PowerShell verbs

NlbClusterNode | Use to manage node | Remove, Start, Stop,

NlbClusterNodeDip | Use to configure node’s dedicated management IP | Get, Remove, and Set

NlbClusterPortRule | Use to manage port rules | Add, Disable, Enable, Get, Remove, and Set

NlbClusterVip | Use to manage the NLB cluster’s virtual | Add Get Remove, and

NlbCluster | Use to manage cluster | Remove, Start, Stop,

NlbClusterDriverInfo | Provides information the NLB cluster driver |

NlbClusterNodeNetworkInterface | Use to retrieve information about a cluster node’s network interface driver | Get

NlbClusterIpv6Address | Use to configure cluster’s IPv6 |

NlbClusterPortRuleNodeHandlingPriority | Use to set priority port rule basis |

NlbClusterPortRuleNodeWeight | Use to set node per-port rule basis |

Note: To see the list of Windows PowerShell cmdlets for NLB, use the
following command:

Get-Command -Module NetworkLoadBalancingClusters

Other

NLB on Windows Server 2016 includes other features as well:

• NLB does not require any hardware changes.

• You can manage multiple clusters and hosts from a remote or local computer.

• You can configure each host as part of multiple clusters when using multiple
network adapters.

• You server applications

• NLB re-add hosts to the cluster later come


online.

• You offline without affecting other

Check Your Knowledge

Discovery
What server failure and application does that
difference availability solution?

Check Your Knowledge

Select all that apply


How many nodes does NLB support in Windows Server 2016?

16

32

64

Lesson 2: Configuring an NLB cluster

To deploy NLB successfully, you must first have a good understanding of its
deployment must also plan how port rules
and that traffic to the application hosted on the
NLB appropriately.

This information about the infrastructure requirements that you must


consider before you deploy NLB. It also provides important information on how best
to configure NLB clusters and nodes to meet your objectives.

Lesson objectives
After completing this lesson, you will be able to:

• Describe requirements.

• Describe NLB.

• Explain configuration options for NLB.

• Describe how to configure NLB affinity and port rules.

• Describe network considerations for NLB.

Deployment requirements for NLB

There are several requirements that you must meet while designing and deploying an
NLB

• Ensure NLB cluster reside subnet.


Although TCP/IP subnets to locations,
NLB unlikely to achieve convergence the latency
between nodes exceeds 250 milliseconds (ms). When you are designing
geographically-dispersed NLB clusters, you should instead choose to deploy an
NLB cluster at each site, and then use Domain Name System (DNS) round robin
to distribute traffic between sites.

robin is described in more module.

• Configure adapters within an NLB unicast or multicast.


You cannot configure an NLB cluster where there is a mixture of unicast and
multicast adapters. When using the unicast mode, the network adapter must
support changing its MAC address.

• Use only the TCP/IP protocol with network adapters that participate in NLB
clusters. NLB supports IPv4 and IPv6. Do not add any other protocols to the
adapter that is part of the NLB cluster.

• Ensure that IP addresses of servers that participate in NLB cluster are static.
When Dynamic Host Configuration disabled
on configure to participate

All editions Server 2016 support NLB. NLB clusters


with nodes that are running a mixture of Standard edition and Datacenter edition
servers. However, as a best practice, ensure that NLB cluster nodes are computers
with similar hardware specifications, and are running the same edition of
Windows Server 2016.

Demonstration: Deploying NLB


In this see how to create Server
2016.

Demonstration steps
Create an NLB cluster in Windows Server 2016

1. On LON-SVR1 open the Windows PowerShell Integrated Scripting

2. PowerShell command prompt, commands,


command:

Invoke-Command -Computername LON-SVR1,LON-SVR2 -command {Install-WindowsFeature NLB,RSAT-NLB}

New-NlbCluster -InterfaceName "Ethernet" -OperationMode Multicast -ClusterPrimaryIP 172.16.0.42 -ClusterName LON-NLB

Add-NlbClusterNode -InterfaceName "Ethernet" -NewNodeName "LON-SVR2" -NewNodeInterface "Ethernet"

3. open Network Load then

Leave the virtual machines running

• When you finish the demonstration, leave the virtual machines running for the next
demonstration.

Configuration for NLB

Configuring NLB clusters involves specifying how hosts in the cluster will respond to
incoming NLB directs traffic protocol
that client has an existing host in the
cluster. these settings by using settings.

Port

With port rules, you can configure how the NLB cluster directs requests to specific IP
addresses, ports, and protocols. For example, you can load balance traffic on
Transmission Control Protocol (TCP) port 80 across all nodes in an NLB cluster,
while directing all requests to TCP port 25 to a specific host. Which ports you choose
to load the specific server

To specify distribute requests across you


configure creating a port rule. Add/Edit
Port which you use to configure filtering modes:

• Multiple hosts. When you configure this mode, all NLB nodes respond according
to the weight assigned to each node. Node weight is calculated automatically,
based on the performance characteristics of the host. If a node fails, other nodes
in the cluster continue to respond to incoming requests. Multiple host filtering
increases availability and scalability because you can increase capacity by adding
nodes, and the cluster continues to function in the event of node failure.

• Single configure this mode, the traffic to the


node highest priority. If the highest
priority host assigned the next manages the
incoming rules increase availability increase
scalability.

Note: The highest priority is the lowest number, with a priority of one being a
higher priority than a priority of 10.

• Disable When you configure this this port


range automatically without being nodes. If
you range, and there is no traffic is
forwarded with the lowest priority number.

You can use the following Windows PowerShell cmdlets to manage port rules:

• Add-NlbClusterPortRule. Use this cmdlet to add a new port rule.

• Disable-NlbClusterPortRule. Use this cmdlet rule.

• Enable-NlbClusterPortRule. Use this cmdlet rule.

• Set-NlbClusterPortRule. Use this cmdlet to modify of an existing
port rule.

• Remove-NlbClusterPortRule. Use this cmdlet to remove an existing port rule.

Note: Each node in a cluster must have identical port rules. The exception to
this is the load weight (in multiple-hosts filter mode) and handling priority (in
single-host filter mode). Otherwise, if the port rules are not identical, the

Affinity

Affinity the NLB cluster distributes specific client.


Affinity settings only apply when you use the multiple hosts filtering mode. You can
select from the following affinity modes in the Add/Edit Port Rule dialog box:

• None. In this mode, any cluster node responds to any client request, even if the
client is reconnecting after an interruption. For example, the first webpage on a
web retrieved from the third webpage from
the webpage from the mode is
suitable applications.

• Single this affinity mode, a single manages all


requests from a single client. For example, if the third node in a cluster manages a
client’s first request, then all subsequent requests are also managed by that node.
This affinity mode is useful for stateful applications.

• Network. When you set this mode, a single node will respond to all requests from
a uses the 255.255. mode is
useful applications where the client cluster
through servers. These proxy different IP
addresses, within the same class

Host parameters

You configure the host parameters for a host by clicking the host in the Network
Load Balancing Manager console, and then from the Host menu, clicking
Properties. You can configure the following host settings for each NLB node:

• Priority. Each NLB node is assigned a unique priority value. If no existing port
rule matches the traffic that is addressed to the cluster, traffic is assigned to the
NLB the lowest priority value.

• Dedicated can use this parameter address that the


host management tasks. When dedicated IP
address, configures port rules so that they to that address.

• Subnet mask. When you select a subnet mask, ensure that there are enough
host bits to support the number of servers in the NLB cluster, and any routers that
connect the NLB cluster to the rest of the organizational network. For example, if
you plan to have a cluster that has 32 nodes and supports two routes to the NLB
cluster, subnet mask that more—
such

• Initial use this parameter host will


take are three possible values:

o Started. This value makes the host rejoin the NLB cluster automatically.

o Suspended. This value pauses the host, and allows you to perform operations
that require multiple reboots without triggering cluster convergence.

o Stopped. This value stops the node.

Demonstration: Configuring NLB affinity rules


In this you will see how to:

• Configure affinity for NLB cluster nodes.

• Configure NLB port rules.

Demonstration steps
Configure affinity for NLB cluster nodes

1. Start, and then click the tile.

2. type the following after

Mkdir c:\porttest

Xcopy /s c:\inetpub\wwwroot c:\porttest

PortTest –PhysicalPath “C:\porttest” –Port

–DisplayName PortTest TCP

Configure NLB port rules

1. Network Load Balancing console.

2.

3. Balancing Manager of the

4. Add a port rule with the following properties:

• Port range: 80 to 80

• Protocols: Both

• Filtering mode: Multiple Host

• Affinity: None

5. Create a port rule with the following properties:

• Port range: 5678 to 5678

• Protocols: Both

Host

6. LON-SVR1 (Ethernet).

7. rule for port 5678, and then priority to 10.

Revert the virtual machines

When you finish the demonstration, revert the virtual machine to its initial state. To do
this, complete the following steps:

1. open Hyper-V Manager

2. Manager, in the Virtual 20740C-


then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 and 3 for 20740C-LON-SVR1 and 20740C-LON-SVR2.

Network considerations for NLB

When you design a network to support an NLB cluster, you must consider several
factors. whether you want cluster to use
the unicast cluster operation mode.

Unicast

When you configure an NLB cluster to use the unicast mode, cluster hosts use the
same unicast MAC address. The cluster host’s priority setting determines the
modified MAC address that outgoing traffic uses. This prevents the switch that
handles outbound traffic from having problems with all cluster hosts using the same
MAC address.

When mode with a single network node, only


computers subnet can communicate using the
node’s you have to perform tasks,
(such the Remote Desktop feature Windows operating
system to apply software updates), you will need to perform these tasks from a
computer that is on the same TCP/IP subnet as the node.

When you use the unicast mode with two or more network adapters, one adapter is
used for dedicated cluster communications, and the other adapter or adapters can be
used for management tasks. When you use the unicast mode with multiple network
adapters, you can perform cluster management tasks such as connecting to the
server by using Windows PowerShell remoting to add or remove roles and features.

The minimize problems that nodes also


host roles or services. For mode
means participates in a web server might also
host DNS or DHCP. Although
recommend cluster nodes have the same

Multicast

When you configure an NLB cluster to use the multicast mode, each cluster host
keeps its original MAC address but also is assigned an additional multicast MAC
address. cluster is assigned the multicast
address. multicast mode when each network adapter
installed, communicate directly multicast
mode switches and routers that addresses.

If you experience issues in a unicast mode deployment of NLB, such as switch
flooding, where NLB traffic routes to all the ports on a switch, then switching to
multicast might address the problem. However, depending on your hardware, you
might need to add static Address Resolution Protocol (ARP) to your router or switch
in order to map the cluster IP address to the MAC address of the NLB cluster.
Otherwise, multicast mode to result

IGMP

The Management Protocol (IGMP) special form of


multicast prevents the network switch with traffic. When
you deploy the IGMP multicast mode, traffic is forwarded only through switch ports
that participate in the NLB cluster. IGMP multicast mode requires switch hardware
that supports this functionality.

Network considerations

You can improve NLB cluster performance when you use unicast mode by using
separate virtual local area networks (VLANs) for cluster traffic and management
traffic. traffic, you can prevent from
affecting you host NLB nodes using
Windows can use network
management traffic.

Check Your Knowledge

Discovery
Describe a situation where the single affinity setting would be appropriate.

Check

Discovery
When would you want to use port rules other than the default port rule?

Lesson 3: Planning an NLB Implementation

When implementation, you must applications that


you deploy NLB. Not all applications deployment
on NLB important for you to identify can benefit
from also need to know what to secure NLB.
Additionally, you should be familiar with the options that you have for scaling NLB, in
case the application that is hosted on the NLB cluster requires greater capacity.

Lesson objectives
After completing this lesson, you will be able to:

• Explain how to design application and storage support for NLB.

• Describe the special considerations for deploying NLB clusters virtual
machines.

• Describe for securing NLB.

• Describe for scaling NLB.

• Describe the considerations for upgrading an NLB cluster to Windows Server
2016.

Designing applications and storage support for NLB

Because client traffic can be directed to any node in an NLB cluster, each node in the
cluster must be able to provide a consistent experience. Therefore, when you are
designing applications and storage support for NLB applications, you must ensure
that you configure each node in the same way, and that each node has access to the
same data.

When a highly available application has multiple tiers—such as a web application that
includes database tier—the web application an NLB
cluster. stateful application, is not by using
NLB. technologies such as failover
AlwaysOn to make the SQL Server available.

You should configure all hosts in an NLB cluster in the same way, and they should
run the same applications. When you are using web applications, you can use the
Internet Information Services (IIS) 8.0 shared configuration functionality to ensure
that all nodes in the NLB cluster are configured in the same manner.

You such as file shares Cluster Shared


Volumes ( application configuration that are
hosted hosts to have access
configuration shares that are hosted of
Windows and later.

When configuring NLB hosts, you can avoid the extra expense of configuring
redundancy into local storage. If a drive fails and the server fails as a result, other
servers in the NLB cluster take on the extra workload. This means there is little
advantage local drivers to use Independent
Disks ( tolerance.

Considerations deploying an NLB virtual


machines

As organizations transition from physical to virtual deployments, administrators must


consider determining the placement nodes on
Hyper-V the network configuration the
configuration hosts, and the benefits high
availability conjunction with NLB.

Virtual machine placement

You should place NLB cluster nodes on separate hard disks on the Hyper-V host.
That way, if a disk or disk array fails, and if one node becomes unavailable, other
NLB hosted on the same Hyper-V online. We
recommend the Hyper-V host including
redundant adapters, and power supplies. the
chance the Hyper-V host NLB
cluster unavailable. When you use multiple adapters, configure
the network teaming to ensure that virtual machines are able to maintain access to
the network even in the event that individual network adapter hardware suffers a
failure.

Where possible, deploy NLB cluster nodes running as virtual machines on separate
Hyper-V hosts. This protects the NLB cluster from other types of server failure, such
as the failure of a motherboard, or any other single point of failure. When you plan
this type of configuration, ensure that the virtual machines that participate in the NLB
cluster are located on the same TCP/IP subnet.

Virtual configuration

Because virtual network adapters process, you


can configure to use the unicast each virtual
machine network adapters. You should virtual switches
for cluster traffic and node management traffic because segmenting traffic can
improve performance. You also can use network virtualization to partition cluster
traffic from node management traffic. You can use VLAN tags as a method of
partitioning cluster traffic from node management traffic.

When mode, ensure that you spoofing for


the virtual the Hyper-V host. the virtual
network the Virtual Machine which is
available Hyper-V Manager. Enabling MAC allows the NLB
cluster unicast mode to configure assignment on the
virtual network adapter.

NLB cluster vs. virtual machine high availability

Virtual is the process of on failover


clusters. cluster node fails, the virtual that it is
hosted Although failover clustering
availability serve different purposes. supports
stateful as SQL Server, whereas stateless
applications such as websites.

Highly available virtual machines do not allow an application to scale because you
cannot add nodes to increase capacity. However, it is possible to deploy NLB cluster
nodes as highly available virtual machines. In this scenario, the NLB cluster nodes
fail over to a new Hyper-V host if the original Hyper-V host fails.

The degree of availability and redundancy required for an application fluctuates,


depending requirements of that application. business-critical
application millions of dollars in lost requires
an availability that of an application
inconvenience

Considerations for securing NLB

You clusters to host web important to


the organization. this importance, you secure NLB,
both traffic that can address the ensuring that
appropriate permissions apply.

Configure port rules

When you secure NLB clusters, you must first ensure that you create port rules to
block traffic to all ports other than those that applications hosted on the NLB cluster
use. When you do this, it drops all incoming traffic that is not addressed specifically to
applications that are running on the NLB cluster. If you do not perform this first step,
all incoming managed by a port cluster node
with value.
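
The port-rule lockdown described above, written with the port rule cmdlets listed in Lesson 2, as an added example that is not part of the original course material. The interface name "Ethernet" comes from the earlier demonstration; the allowed ports (80 and 443) and the Single affinity setting are assumptions.

```powershell
#Requires -RunAsAdministrator
Import-Module NetworkLoadBalancingClusters

# Assumptions (not from the course text): the clustered application needs only
# ports 80 and 443, and "Ethernet" is the cluster adapter as in the demonstration.
$InterfaceName = 'Ethernet'
$AllowedPorts  = 80, 443

# Return the port ranges around and between the allowed ports, so that
# Disabled rules can cover them without overlapping the allow rules.
function Get-PortGap {
    param([int[]]$Ports)
    $next = 0
    foreach ($p in ($Ports | Sort-Object -Unique)) {
        if ($p -gt $next) { [pscustomobject]@{ Start = $next; End = $p - 1 } }
        $next = $p + 1
    }
    if ($next -le 65535) { [pscustomobject]@{ Start = $next; End = 65535 } }
}

# 1. Remove the existing rules, including the default rule that covers all
#    ports. Run this in a maintenance window: until step 3 finishes, traffic
#    that matches no rule goes to the default host.
Get-NlbClusterPortRule -InterfaceName $InterfaceName |
    Remove-NlbClusterPortRule -Force

# 2. Load balance the application ports across all nodes.
foreach ($port in $AllowedPorts) {
    Add-NlbClusterPortRule -InterfaceName $InterfaceName `
        -StartPort $port -EndPort $port -Protocol Both `
        -Mode Multiple -Affinity Single
}

# 3. Cover every remaining port with a Disabled rule so the cluster address
#    drops that traffic instead of handing it to the default host.
foreach ($gap in (Get-PortGap -Ports $AllowedPorts)) {
    Add-NlbClusterPortRule -InterfaceName $InterfaceName `
        -StartPort $gap.Start -EndPort $gap.End -Protocol Both -Mode Disabled
}

# 4. Review the result: the rules should now span 0-65535 with no gaps.
Get-NlbClusterPortRule -InterfaceName $InterfaceName
```

With ports 80 and 443 allowed, step 3 creates three Disabled rules: 0 to 79, 81 to 442, and 444 to 65535.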

Configure

You also should ensure that Windows Firewall with Advanced Security is configured
on each NLB cluster node. When you enable NLB on a cluster node, the following
firewall rules that allow NLB to function and communicate with other nodes in the
cluster are created and enabled automatically:

• Network DCOM-In)

• Network ICMP4-ERQ-In)

• Network Balancing (ICMP6-ERQ-In)

• Network Load Balancing (RPCSS)

• Network Load Balancing (WinMgmt-In)

• Network Load Balancing (ICMP4-DU-In)

• Network ICMP4-ER-In)

• Network ICMP6-DU-In)

• Network Balancing (ICMP6-EU-In)

When created, these firewall rules do not include scope settings. In high-security
environments, you would configure an appropriate local IP address or IP address
range, and a remote IP address for each rule. The remote IP address or address
range should include the addresses that other hosts in the cluster use.
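
One way to audit and then set the scope of these rules with the built-in NetSecurity cmdlets, as an added example that is not part of the original course material. The peer and management addresses are constructed sample values; the rule names are matched on the "Network Load Balancing (...)" display names listed above.

```powershell
#Requires -RunAsAdministrator

# Constructed sample values (not from the course text): replace them with the
# dedicated IP addresses of the other cluster hosts and of the management host.
$ClusterPeers = '172.16.0.21', '172.16.0.22'
$AdminHosts   = '172.16.0.10'

# The rules that NLB creates all have display names that start with
# "Network Load Balancing (".
$nlbRules = Get-NetFirewallRule -DisplayName 'Network Load Balancing (*'

# Report the current scope of each rule; Unscoped is true when the rule
# still accepts traffic from any remote address.
function Get-NlbRuleScope {
    param($Rules)
    foreach ($rule in $Rules) {
        $filter = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Enabled       = $rule.Enabled
            LocalAddress  = $filter.LocalAddress -join ', '
            RemoteAddress = $filter.RemoteAddress -join ', '
            Unscoped      = ($filter.RemoteAddress -contains 'Any')
        }
    }
}

# Before: list the rules that have no remote scope.
Get-NlbRuleScope -Rules $nlbRules | Where-Object Unscoped | Format-Table -AutoSize

# Restrict the rules to the cluster peers and the management host. The ICMPv6
# rules are skipped because the sample addresses are IPv4; scope those rules
# with the peers' IPv6 addresses in the same way.
$nlbRules |
    Where-Object { $_.DisplayName -notmatch 'ICMP6' } |
    Set-NetFirewallRule -RemoteAddress ($ClusterPeers + $AdminHosts)

# After: confirm the new scope.
Get-NlbRuleScope -Rules $nlbRules | Format-Table -AutoSize
```

Leaving the management host out of the remote scope blocks remote administration of the node through these rules, so confirm the address list before applying it to every node.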

When you configure additional firewall rules, remember the following guidelines:

• When network adapters in the different


firewall network interface. For the
management should configure the firewall inbound
management only—for example, you would remote
Windows Windows Remote Management, Remote Desktop for
management tasks. You should configure the firewall rules on the network
interface that the cluster node uses, to provide an application to the cluster and to
allow access to that application. For example, you should allow incoming traffic on
TCP ports 80 and 443 on an application that uses the HTTP and HTTPS
protocols.

• When network adapters in multicast firewall


rules applications that are block
access

Note: Whenever possible, use two or more network adapters in each cluster
host. This will allow you to customize firewall and port rules to limit remote
access so that it is not possible to connect remotely through the adapter used
for NLB traffic, known as the cluster adapter

Configure respond only to traffic the


cluster

You should configure applications on each node to respond only to traffic that is
addressed to the cluster, and to ignore application traffic that is addressed to the
individual node. For example, if you deploy a web application that is designed to
respond to traffic addressed to www.adatum.com, there will be a website on each
node that will accept traffic on port 80.

Depending on the NLB cluster configuration, it is possible that traffic that is
addressed to the node on port 80 will generate a direct response. For example, users
might be able to access the A. Datum web application by typing the address
http: in a web browser, address
http: can secure applications direct traffic
by configuring only to traffic that address. For
web this by configuring the header.
Each runs on an NLB cluster will method of
allowing you to configure the application to respond only to traffic that is directed at
the cluster, rather than at the individual cluster node.
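
For an IIS website, the host header restriction can be applied with the WebAdministration module, shown here as an added example that is not part of the original course material. The site name "Default Web Site" is an assumption; www.adatum.com is the cluster name used in the text.

```powershell
#Requires -RunAsAdministrator
Import-Module WebAdministration

# Assumptions (not from the course text): the application runs in the
# default IIS site on each node and is published as www.adatum.com.
$SiteName    = 'Default Web Site'
$ClusterName = 'www.adatum.com'

# Show the current bindings. A bindingInformation value of "*:80:" has an
# empty host header and answers requests sent to the node's own name or IP.
Get-WebBinding -Name $SiteName | Select-Object protocol, bindingInformation

# Add a binding that matches only requests carrying the cluster name.
if (-not (Get-WebBinding -Name $SiteName -Protocol http -Port 80 -HostHeader $ClusterName)) {
    New-WebBinding -Name $SiteName -Protocol http -IPAddress '*' -Port 80 -HostHeader $ClusterName
}

# Remove the port 80 bindings that have no host header, so that requests
# addressed directly to the node no longer reach the application.
Get-WebBinding -Name $SiteName -Protocol http |
    Where-Object { $_.bindingInformation -match ':80:$' } |
    Remove-WebBinding

# Confirm that only the host-header binding remains on port 80.
Get-WebBinding -Name $SiteName | Select-Object protocol, bindingInformation
```

Run the same steps on every node so that all cluster hosts stay configured identically.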

Securing traffic with an SSL certificate

All NLB same website name. websites that


you make using NLB, you must website has an
SSL the website name. You each node
to point NLB cluster. In most the same
website each node in the NLB cluster, simpler than
procuring separate certificates for each cluster node. In some cases, you will need to
procure certificates that support subject alternative names (SANs). Certificates that
support SANs allow a server to be identified by multiple names, such as the name
that the clustered application uses and the name of the cluster node. For example, a
certificate support the names www.
node1. adatum.internal, node3.
node4.
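
The following Windows PowerShell sketch is an added example, not part of the course material. It checks whether the names on a certificate cover the cluster name and the node names, including the one-label rule for wildcard entries. The node FQDNs and function names are hypothetical.

```powershell
# Added example (not from the course). Checks whether the DNS names in a certificate's
# SAN list cover every name clients use to reach the site.
function Test-SanMatch {
    param([string] $San, [string] $Name)
    if ($San -eq $Name) { return $true }                 # -eq ignores case, as DNS names do
    if ($San.StartsWith('*.')) {
        # A wildcard stands for exactly one left-most label: *.adatum.com matches
        # www.adatum.com but not a.b.adatum.com or adatum.com itself.
        $firstDot = $Name.IndexOf('.')
        return (($firstDot -gt 0) -and ($Name.Substring($firstDot) -eq $San.Substring(1)))
    }
    return $false
}

function Get-UncoveredName {
    param(
        [Parameter(Mandatory)] [string[]] $SanName,       # DNS names from the certificate
        [Parameter(Mandatory)] [string[]] $RequiredName   # cluster name plus any node names
    )
    foreach ($name in $RequiredName) {
        $covered = $false
        foreach ($san in $SanName) {
            if (Test-SanMatch -San $san -Name $name) { $covered = $true; break }
        }
        if (-not $covered) { $name }
    }
}

# Constructed sample: a certificate issued only for the cluster name, checked against
# the cluster name and two hypothetical node FQDNs.
$sanNames = @('www.adatum.com')
$required = @('www.adatum.com', 'lon-svr1.adatum.com', 'lon-svr2.adatum.com')
Get-UncoveredName -SanName $sanNames -RequiredName $required

# For an installed certificate the names can be read with, for example:
#   $cert = Get-Item Cert:\LocalMachine\My\<thumbprint placeholder>
#   $sanNames = $cert.DnsNameList.Unicode
```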

Principle of least privilege

Ensure that you delegate permissions to users only for the tasks that they need to
perform on the NLB node. Members of the local Administrators group on any single
node can add and remove cluster nodes, even if they are not members of the local
Administrators group on those nodes. You should configure applications that run on
NLB clusters so that they do not require application administrators to have local
Administrator privileges on the servers that host the application. Only users whose
job role requires them to make remote management connections to NLB cluster
nodes those connections.

Privileged Access Management

Windows includes the new Privileged Access Management (PAM)
feature. PAM is based on the concepts of just-in-time (JIT) administration and just
enough administration (JEA). When you implement PAM, users request permissions
to perform administrative tasks on a server and are automatically granted the
appropriate privileges for a temporary period, based on rules that might include
additional PAM also allows
authentication multi-factor authentication.

information on PAM, refer to Management


Domain Services (AD DS): ms/Rs9mxp

Note: For more information on JEA, refer to Just Enough Administration:
http://aka.ms/JEA

Considerations scaling NLB

Scaling is the process of increasing the capacity of an NLB cluster. For example, if
you have cluster, and each cluster point where
the cluster more traffic, you can add Adding nodes
will spread across more computers, each current
cluster capacity increases because similarly
configured can manage a higher workload number of
similarly configured computers.

An NLB cluster supports up to 32 nodes. This means that you can scale out a single
NLB cluster so that 32 separate nodes participate in that cluster. When you consider
scaling is hosted on a 32-node remember that
each be on the same TCP/IP

An alternative NLB clusters is to clusters and use


DNS share traffic between them. DNS technology that
allows a DNS server to provide requesting clients different addresses to the
same hostname, in sequential order. For example, if three addresses are associated
with a hostname, the first requesting host receives the first address, the second
receives the second address, the third receives the third address, and so forth. When
you use DNS round robin with NLB, you associate the IP addresses of each cluster
with the hostname that the application uses.

Distributing traffic between NLB clusters by using DNS round robin also allows you to
deploy NLB clusters across multiple sites. You can use DNS round robin in
conjunction ordering. Using DNS round clients on a
subnet address of a host one is
available. might deploy three four-node the cities of
Sydney, Canberra, and use DNS traffic
between netmask ordering, a client in accessing the
application in Sydney will be directed by DNS to the NLB cluster hosted in Sydney. A
client that is not on the same subnet as the NLB cluster nodes, such as a client in the
city of Brisbane, would be directed by DNS round robin to either the Sydney,
Melbourne, or Canberra NLB cluster.
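
The following Windows PowerShell simulation is an added example, not part of the course material. It shows the address order a client receives when round robin and netmask ordering are combined, for the three-city case described above. The IP addresses are constructed, the function names are hypothetical, and the /24 comparison is an assumption.

```powershell
# Added example (not from the course). Simulates the order in which a DNS server hands out
# the cluster addresses when round robin and netmask ordering are both active.
# Assumption: netmask ordering compares on a /24 boundary.
function Get-Subnet24 {
    param([string] $Address)
    ($Address -split '\.')[0..2] -join '.'
}

function Resolve-ClusterAddress {
    param(
        [Parameter(Mandatory)] [object[]] $Record,         # objects with Site and Address
        [Parameter(Mandatory)] [string]   $ClientAddress,
        [Parameter(Mandatory)] [int]      $QueryNumber     # queries answered so far (round-robin state)
    )
    # Round robin: rotate the record list by one position for each query answered.
    $count = $Record.Count
    $rotated = for ($i = 0; $i -lt $count; $i++) { $Record[($i + $QueryNumber) % $count] }

    # Netmask ordering: records on the client's subnet move to the front;
    # the remaining records keep their round-robin order.
    $clientNet  = Get-Subnet24 -Address $ClientAddress
    $sameSubnet = @($rotated | Where-Object { (Get-Subnet24 -Address $_.Address) -eq $clientNet })
    $others     = @($rotated | Where-Object { (Get-Subnet24 -Address $_.Address) -ne $clientNet })
    $sameSubnet + $others
}

# Constructed records: one cluster IP address per city, from documentation address ranges.
$records = @(
    [pscustomobject]@{ Site = 'Sydney';    Address = '192.0.2.10' }
    [pscustomobject]@{ Site = 'Melbourne'; Address = '198.51.100.10' }
    [pscustomobject]@{ Site = 'Canberra';  Address = '203.0.113.10' }
)

# First address returned on four successive queries, for a client on the Sydney
# cluster's subnet and for a client that shares a subnet with no cluster.
foreach ($client in '192.0.2.77', '10.50.0.5') {
    $first = 0..3 | ForEach-Object {
        (Resolve-ClusterAddress -Record $records -ClientAddress $client -QueryNumber $_)[0].Site
    }
    '{0,-12} {1}' -f $client, ($first -join ', ')
}
```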

Considerations upgrading NLB

Upgrading NLB clusters involves moving cluster nodes from one host operating
system—for example, Windows Server 2008 or Windows Server 2012—to Windows
Server 2016. Upgrading the cluster might not require you to perform an operating
system upgrade on each node, because in some cases the original host operating
system might not support a direct upgrade to Windows Server 2016. In cases where
the original host operating system does not support a direct upgrade to Windows
Server 2016, migration.

When clusters, remember that run a


mixture This means that you runs a
mixture Server 2008, Windows Server Windows Server 2016.
Even though NLB supports mixed operating system clusters, we do not recommend
them. If you do run NLB clusters with a mixture of operating systems, we recommend
that you move all nodes to a single operating system as quickly as possible.

Note: In some situations, it will not be possible to upgrade the operating
system of a cluster node. For example, if the server has an x86 version of
Windows Server 2008 installed, it will not be possible to upgrade it. In this
situation, should remove the node from the manually, migrate the
server Server 2016, migrate the then join the
migrated the NLB cluster

When you perform an NLB cluster upgrade, you can use one of the following
strategies:

• Piecemeal this type of upgrade, Server


2016 cluster, and then remove running
older Windows Server operating upgrade is
appropriate original hardware and operating support a
direct Windows Server 2016.

• Rolling upgrade. During this type of upgrade, you upgrade one node in the cluster
at a time. You do this by taking the node offline, performing the upgrade, and then
rejoining the node to the cluster.

Additional Reading: For more information, refer to Upgrading an Existing
Network Load Balancing Cluster: http://aka.ms/U4sqyq

Check

Discovery
Why do you use both port rules and firewall rules when securing NLB?

Check Your Knowledge

Discovery
Why principle of least privilege permission to NLB
servers?

Lab: Implementing NLB

Scenario
Adatum engineering and manufacturing organization
is based and is quickly expanding
company scalable web applications To address
this need, develop a pilot program to of NLB on
hosts that are running the Windows Server 2016 operating system.

Because you intend to automate the process of deploying Windows NLB clusters,
you will use Windows PowerShell to perform many of the cluster setup and
configuration tasks. You also will configure port rules and affinity, which will allow you
to deploy multiple load-balanced web applications on the same NLB clusters.

Objectives
After will be able to:

• Implement

• Configure manage an NLB cluster.

• Validate high availability for the NLB cluster.

Lab setup

Estimated

Virtual 20740C-LON-DC1, 20740C-LON-SVR1 20740C-LON-SVR2

User Adatum\Administrator

Password: Pa55w.rd

For this lab, you will use the available virtual machine environment. Before you begin
the lab, following steps:

1. click start Hyper-V Manager

2. Manager, 20740C-LON-DC1 pane, click

3. In the Actions pane, click Connect. Wait until the virtual machine starts.

4. Sign in using the following credentials:

o User name: Administrator

o Password: Pa55w.rd

o Domain: Adatum

5. four for 20740C-LON-SVR1 20740C-LON-

Exercise Implementing a Network Load NLB) cluster

Scenario

You want to automate the process of deploying Windows Server 2016 NLB clusters.
To accomplish Windows PowerShell majority of the
NLB

The are as follows:

1. Verify website functionality for standalone servers

2. Install NLB

3. Create a new Windows Server 2016 NLB cluster

4. cluster

5.

Result: After completing this exercise, you should have successfully implemented
an

Exercise and managing

Scenario

As part of the pilot, you want to deploy multiple separate websites to the NLB cluster,
and then differentiate these websites based on port address. To do this, you want to
ensure that you can configure and validate port rules. You also want to experiment
with that requests are distributed the hosts.

The are as follows:

1. and affinity

2. Validate port rules

3. Manage host availability in the NLB cluster

Result: After completing this exercise, you should have successfully configured
and managed an NLB cluster.

Exercise 3: Validating high availability for the NLB cluster

Scenario

As part of preparing to deploy NLB in your organization’s environment, you want to
ensure that it is possible to perform maintenance tasks such as reboot operations
without of the websites that cluster. To
accomplish verify availability by you
attempt website. You also
functionality.

The main tasks for this exercise are as follows:

1. Validate website availability when the host is unavailable

2. Configure and validate Drainstop

3. module

Result: After completing this exercise, you should have successfully validated high
availability

Review

Check Knowledge

Discovery

How many additional nodes can you add to the LON-NLB cluster?

Check Your Knowledge

Discovery
What ensure that LON-SVR1 requests for web
traffic port rules that were established this set of
exercises?

Check Your Knowledge

Discovery
What Stop and a Drainstop

Module takeaways

Common Issues and Troubleshooting Tips

Common Issue Troubleshooting Tip

You conflicting IP Please see Student course.


addresses host.

NLB connecting Please see Student course.


to a

Hosts not complete Please see Student for this course.


the process.

A default host is handling all the workload instead of it being balanced across nodes in
the cluster. Please see Student Companion Content for this course.

Review Question(s)

Check

Discovery
You have four-node Windows Server 2016 cluster hosts a
website IIS. What happens to the you down the World
Wide Web publishing service on one of the nodes?

Check

Discovery
You want contoso.com, www.adatum. fabrikam.com
websites cluster. The cluster IP address,
and each domain name (FQDN) is mapped cluster's public
IP address. What steps should you take on each node to ensure that traffic is directed to
the appropriate site?

Check

Discovery
You have Windows NLB cluster that You want to
ensure client that uses the cluster same node
throughout their session, but that traffic from separate clients distributes equitably
across all nodes. Which option do you configure to accomplish this goal?

Real-world Issues and Scenarios


To create a true high-availability solution, use a monitoring solution with NLB that will
detect application failure. This is because NLB clusters will continue to direct traffic to
nodes providing NLB, which application,
continues traffic.
