
The Best Damn Windows Server 2003 Book Period- P28 ppsx


Host Security
Consider tightening the security of the operating system. Limit the number of users permitted to
access the hosts. Place a secured PC in front of the NLB cluster and behind a firewall. Use this PC
to run NLB Manager and administer the cluster.
Application Security
Because NLB provides no additional security functions, it is imperative to use any security features
available in your load-balanced applications. If you are using IIS on an NLB cluster, follow the
documented procedures and guidelines for securing IIS.
Physical Security
Like any server, an NLB host should be locked behind closed doors for protection, and so should
the network equipment that the NLB cluster depends on. It is theoretically possible to cause a
service disruption by forging cluster heartbeats.
Host List
If you are using the host list feature of NLB Manager, you should secure the host list file on your
administrative system. Restrict access to appropriate users.
Remote Control Option
The remote-control feature of NLB is a known security risk. You should avoid using this feature. If
you must enable remote control, ensure that strong passwords are used. It is also advisable to place
the cluster behind a firewall and filter the port traffic going to the remote-control ports.
Create A Network Load Balancing Cluster
Use the following steps to create a new NLB cluster using the NLB Manager administrative tool.
Where appropriate, use your own TCP/IP addresses.
1. Start NLB Manager by selecting Start | Administrative Tools | Network Load
Balancing Manager.
2. Select Cluster | New, as shown in Figure 6.50.
236 Chapter 6 • Implementing Windows Cluster Services and Network Load Balancing
Figure 6.50 Create a New NLB Cluster
301_BD_W2k3_06.qxd 5/13/04 3:06 PM Page 236
3. You will be presented with the Cluster Parameters window. Enter the IP address, Subnet
mask, and Full Internet name (this is the fully qualified domain name) of the cluster in the
Cluster IP configuration section, as shown in Figure 6.51.


4. Click the Multicast option in the Cluster operation mode section, and notice how the
Network address entry changes, as shown in Figure 6.52. The network (media access
control, or MAC) address changes to fit the correct mode based on the communication
mechanism you select. (We will leave Multicast selected for the example.)
5. Select the check box next to IGMP multicast, as shown in Figure 6.53.
Figure 6.51 Configure Cluster Parameters
Figure 6.52 Select Multicast Cluster Operation Mode
6. You will be presented with the warning message shown in Figure 6.54. This message is
intended to remind you that additional configuration of your switches and NIC may be
required if you select IGMP support. Click OK to close the Warning dialog box.
7. You will be presented with the Cluster IP Addresses window, as shown in Figure 6.55. If
you want to load-balance multiple IP addresses, you can click the Add… button and add
them to the cluster at this point. For this example, we will work with only one address.
Click Next to continue.
Figure 6.53 Select IGMP Multicast with the Cluster Operation Mode
Figure 6.54 IGMP Warning Message
Figure 6.55 Cluster IP Addresses Window
8. In the Port Rules window, you see the default port rule, as shown in Figure 6.56. This rule
evenly distributes arriving traffic among all cluster hosts. Select the default port rule and
click Edit….
9. The Add/Edit Port Rule dialog box appears, as shown in Figure 6.57. As you can see, the
default port rule applies to all cluster IP addresses on all ports and protocols. It also directs
all client requests to the same cluster host (Multiple host/Single Affinity). Click Cancel to
avoid modifying the default port rule.
10. Click Next in the Port Rules window to advance to the Connect window.
11. Enter the name of a host in the Host field and click the Connect button. When the host
is identified, select the network interface to load-balance, as shown in Figure 6.58. Then
click Next.
Figure 6.56 The Port Rules Window
Figure 6.57 The Add/Edit Port Rule Dialog Box
At this point, you may receive the warning message shown in Figure 6.59. If you receive this
message, you are using DHCP to assign an IP address to your network interface. You must use static
IP addresses on your network interfaces when using NLB. You must cancel the configuration,
change from DHCP to static IP addresses, and begin this process again.
12. You are now presented with the Host Parameters window, as shown in Figure 6.60. Enter
the Priority, Dedicated IP address, and Subnet mask for the cluster host. Set the Default
state of the host to Started. (This setting will make the host automatically attempt to join
the NLB cluster on startup). Click Finish.
Figure 6.58 Connect to an NLB Node
Figure 6.59 DHCP Warning Message
Figure 6.60 Configure Host Parameters
13. You are now taken back to the main window of the NLB Manager utility, which will look
similar to Figure 6.61.
14. The bottom pane of the window is the log of activities performed by the NLB Manager.
Double-click an entry. Figure 6.62 shows an example of the details that appear when Log
Entry 0004 was double-clicked. When you are finished viewing the log entry’s details,
click OK.
15. Click the NLB cluster you just created. You will see current details about your cluster,
similar to those shown in Figure 6.63.
Figure 6.61 The Configured NLB Cluster
Figure 6.62 View NLB Manager Log Entry Details

16. Click the host you just configured. You will see the port rules, as shown in Figure 6.64.
Figure 6.63 Configured NLB Cluster Details
Figure 6.64 Configured Port Rules on Cluster Node
Chapter 7
Planning, Implementing, and Maintaining a High-Availability Strategy
In this chapter:

Understanding Performance Bottlenecks

Planning a Backup and Recovery Strategy

Planning System Recovery with ASR

Planning for Fault Tolerance
Introduction
High availability is a buzzword in today’s networking world, and for good reason.
Ensuring that the network’s resources are available to users when they need them is an
important part of the network administrator’s job. Downtime—whether caused by a
disk failure, a performance slowdown, data loss due to an attack, or the loss of an entire
server due to a natural disaster such as fire or flood—cuts into worker productivity and
impacts the business’s bottom line or the organization’s ability to accomplish its goals.
In the previous chapter, we looked at server clustering and network load balancing
as part of a high-availability network. In this chapter, we will look at the concept of
high availability and how it can be attained. We’ll provide an overview of performance
bottlenecks and what causes them, and show you how to identify such common system
bottlenecks as memory, processor, disk, and network components. We’ll walk you
through the steps of using the System Monitor utility to track server performance and
show you how to use Event Viewer and service logs to monitor server issues, as well.
Next, we show you how to plan a backup and recovery strategy. We’ll review the
Windows Backup Utility and the differences between full, incremental, and differential
backups. We’ll also discuss the use of the Volume Shadow Copy feature as a backup
option. We’ll review how to decide what information should be backed up. We’ll also
show you how to back up user data, system state data, the Dynamic Host Configuration
Protocol (DHCP) database, Windows Internet Name Service (WINS) database, Domain Name
System (DNS) database, cluster disk signatures, and partition layouts. We’ll walk you through the
process of using the Windows Backup administrative tool, including the Backup and Restore
Wizard feature and the Advanced Mode feature. We’ll also discuss the use of command-line tools.
Then we’ll talk about how to select your backup media, and you’ll learn about scheduling backups
and how to restore data from backup when necessary.
We’ll address how to plan for system recovery using the Automated System Recovery (ASR)
feature. You’ll learn about system services, how to make an ASR backup, and how to do an ASR
restore. We’ll explain how ASR works and discuss alternatives to ASR such as the Safe Mode and
Last Known Good boot options. Finally, we’ll discuss the importance of planning for fault tolerance,
including solutions aimed at providing fault tolerance for local network connectivity, Internet
connectivity, data on disk, and mission-critical servers.
Understanding Performance Bottlenecks
All system administrators want the systems they install to run perfectly out of the box, all the time.
We have all wanted to be able to safely turn off our pagers and cell phones. Our servers should run
reliably, quickly, and without interruption, right? Well, if that were the case, we would all be
terminally bored or changing careers.
Identifying System Bottlenecks
For the most part, a Windows Server 2003 system does run well in its default configuration, and, if
designed and maintained properly, operates with a minimum of administrative overhead. However, as a
general-purpose operating system, it can often be tuned to perform better when used for certain tasks.
The main hardware resources of any computer system are used by different applications and
circumstances in different combinations, often taxing one resource more than another. If multiple
applications are run on a system, it is often possible to reach the limit of a resource and suffer slow
response time, unreliable services, or missed transactions. We will take a look at each of these
resources, discuss some of the common issues related to them, and consider some of the
management options available.
Memory
RAM is most often the single resource that becomes a bottleneck. A common cause of slow
performance is insufficient physical memory. The minimum recommended amount of memory for
running Windows Server 2003 is 128MB (512MB for Datacenter Edition). These are very conservative
numbers. Even Microsoft recommends at least 256MB. If you have the ability, double (or more)
these amounts, and you will be happy you did. The short rule with memory is this: more is better.
The Windows operating system controls the access to and allocation of memory and performs
“housekeeping tasks” when needed. Applications request memory from the operating system, which
allocates memory to the application. When an application no longer needs memory, the application
is supposed to release the memory back to the operating system. An application that does not
properly release memory can slowly drain a system of available free memory, and overall performance
will suffer. This is referred to as a memory leak.
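An added example, not from the book: one way to spot the leak pattern described above in performance-counter logs. It assumes Process\Private Bytes samples exported as CSV (a simplified form of what typeperf writes); the host and process names, the sample values, and both thresholds are constructed for illustration.

```python
import csv
import io

# Constructed sample in a simplified typeperf CSV layout: a timestamp column,
# then one column per counter. Host and process names are hypothetical.
SAMPLE = r'''
"(PDH-CSV 4.0)","\\SRV01\Process(leakyapp)\Private Bytes","\\SRV01\Process(steadyapp)\Private Bytes","\\SRV01\Process(batchjob)\Private Bytes"
"05/11/2004 17:00:00.000","50000000","80000000","30000000"
"05/11/2004 17:05:00.000","54000000","81000000","30500000"
"05/11/2004 17:10:00.000","58500000","79500000","90000000"
"05/11/2004 17:15:00.000"," ","80500000","91000000"
"05/11/2004 17:20:00.000","66000000","79000000","31000000"
"05/11/2004 17:25:00.000","65500000","80800000","30200000"
"05/11/2004 17:30:00.000","71000000","79900000","30800000"
"05/11/2004 17:35:00.000","75500000","80200000","30100000"
'''.strip()


def leak_suspects(csv_text, min_growth=0.20, min_rising=0.80):
    """Return {counter: stats} for counters whose memory keeps climbing."""
    rows = list(csv.reader(io.StringIO(csv_text)))
    header, data = rows[0], rows[1:]
    suspects = {}
    for col in range(1, len(header)):
        values = []
        for row in data:
            try:
                values.append(float(row[col]))
            except (ValueError, IndexError):
                continue  # a missed sample shows up as a blank cell; skip it
        if len(values) < 4 or values[0] <= 0:
            continue  # too little data to call a trend
        steps = list(zip(values, values[1:]))
        rising = sum(b > a for a, b in steps) / len(steps)
        growth = (values[-1] - values[0]) / values[0]
        # Least-squares slope in bytes per sample; one dip barely moves it.
        n = len(values)
        mean_x = (n - 1) / 2
        slope = (sum((x - mean_x) * y for x, y in enumerate(values))
                 / sum((x - mean_x) ** 2 for x in range(n)))
        # A leak grows overall AND rises in most intervals; a released burst does not.
        if growth >= min_growth and rising >= min_rising:
            suspects[header[col]] = {"growth": round(growth, 2),
                                     "rising": round(rising, 2), "slope": slope}
    return suspects


if __name__ == "__main__":
    print(leak_suspects(SAMPLE))
```

Only leakyapp is reported: steadyapp oscillates around a fixed level, and batchjob's burst is released again, so neither shows sustained growth.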
244 Chapter 7 • Planning, Implementing, and Maintaining a High-Availability Strategy
301_BD_w2k3_07.qxd 5/11/04 5:01 PM Page 244
Another performance factor related to memory is the use of virtual memory (VM) or paging.
Virtual memory is a method of increasing the amount of memory in a system by using a page file on
the hard drive. Access to hard drives, even on the fastest disk subsystems, is dozens or hundreds of
times slower than access to RAM. When the operating system needs more RAM than is available, it
copies the least recently used pages of memory to the page file, and then reassigns those pages of
RAM to the application that requested it. The next time a memory request occurs, the operating
system may need to reallocate more pages in RAM or retrieve pages from the page file. This paging
process can slow even the fastest system.
Tuning memory is often as simple as adding more memory, reducing the number of applications
running (including applications that run in the System Tray), or stopping unnecessary services.
However, there is an advanced memory-tuning technique that can be applied if the application
supports it. Part of the Enterprise Memory Architecture feature of the Enterprise and Datacenter
editions of Windows Server 2003 is 4GB tuning (4GT), also called application memory tuning. Using this
feature, you can change the amount of RAM addressable by applications from 2GB to 3GB. Your
system must have at least 2GB of physical RAM installed, and the application must be written to
support the increased memory range. Consult the application documentation or contact your
vendor to make this determination.
Processor
CPUs are commonly described by their type, brand, or model (for example, Pentium 4), and their clock
speed (for example, 2.0 GHz). In simplest terms, the clock speed is how many times per second the
CPU executes an instruction. Generally, the faster the CPU is, the better the computer performs.
The CPU bus architecture is another factor when examining performance. A 32-bit CPU (which
includes all of Intel’s CPUs from the 80386 through the Pentium 4 and AMD’s CPUs from the
Am486 through the Athlon-XP) can use integers 32 bits wide and access 2^32 bytes of memory, or
4GB. A 64-bit CPU (Intel’s Itanium series and AMD’s Opteron series) can use integers 64 bits wide
and access (in theory) 2^64 bytes of memory or 16 exabytes (16 billion gigabytes). No current
hardware can support this amount of RAM. Windows Server 2003 supports a maximum of 512GB on
Itanium-based hardware with the Datacenter Edition. The point is that 64-bit CPUs can support
significantly more memory and run applications that use more of it than 32-bit CPUs, all at a faster
speed. Extremely large databases can get a large performance boost on 64-bit systems.
Using multiple CPUs in a computer (called multiprocessing) allows a computer system to run
more applications at the same time than a single-CPU system, because the workload can be spread
among the processors. In effect, this reduces the competition among applications for CPU time. A
related programming technology called multithreading allows the operating system to run different
parts of an application (threads) on multiple CPUs at the same time, spreading out the workload.
Windows Server 2003 can support up to 64 CPUs, depending on the edition of the operating
system in use.
A recent development by Intel is a technology called hyperthreading. This feature, introduced in
the Xeon and Pentium 4 series of processors, makes a single CPU appear to be two CPUs.
Hyperthreading is implemented at the BIOS level and is therefore transparent to the operating
system. It typically yields a performance increase of 20 to 30 percent, meaning it is not as efficient as
multiple physical CPUs. However, it is included free on hardware that supports the technology.