Hot Spare Drives
Another important feature to consider is the use of hot spare drives. Most modern, fault-tol-
erant disk controllers support the use of additional hard drives that wait for an existing
drive in an array to fail.When the controller determines that a drive has failed, it activates
the hot spare drive and uses it to replace the failed drive in the array.The data that was pre-
sent on the failed drive is re-created on the hot spare drive by the fault-tolerant controller,
not Windows. In this way, an array may operate for a brief time in a decreased availability
state, but will not require attention from an administrator to recover from that state.
Server Fault-Tolerance Solutions
The server is our final point of consideration for fault-tolerance. Our focus in this section is
on the server system itself, not on the workload or the services it provides.There are two
basic methods for introducing fault-tolerance on a server: hardware redundancy and virtual-
ization (called clustering).
Modern server hardware is designed around increasing performance and reliability.
Higher-end (more complicated and expensive) servers often include many built-in redun-
dancy features. It is possible to find servers that support spare RAM and CPUs, redundant
power supplies and cooling fans, built-in hardware RAID support, and many other features
integrated into the basic system. In addition, many components in modern higher-end
www.syngress.com
624 Chapter 8 • Planning, Implementing, and Maintaining a High-Availability Strategy
Figure 8.67 RAID 0+1
Data Stripe
Data Stripe
Mirror Stripe
Mirror Stripe
Controller
Server
RAID Level 0 + 1
(Mirroring Plus Striping)
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 624
servers are hot-swappable, meaning the power does not need to be turned off in order to

remove or change the component.
Another hardware component that is often overlooked but is easily acquired and imple-
mented is a redundant power source. Ideally, you want duplicate power sources all the way
back to duplicate utility companies, but that is usually not possible.What is possible is the
installation of an Uninterruptible Power Supply (UPS) and the software to communicate
with it. A UPS is basically a large battery, although this term is sometimes also used to refer
to a generator.Your equipment plugs into the UPS, and the UPS plugs into utility power. If
utility power is cut, the UPS continues to power your equipment. Most often, a UPS is
used to provide power long enough for a proper system shutdown. Size a UPS by the
amount of power it must provide and the length of time needed to run when on battery.
The more equipment on a UPS or the longer the required runtime, the “larger” the UPS
must be. In very large environments, consider multiple UPSs operating in parallel (never
“daisy-chain” UPSs) and possibly a backup generator.
EXAM WARNING
In addition to your servers, you may also need to have your switches and hubs, a
monitor, and other equipment plugged into a UPS. Many UPS systems come with
software that uses the network to notify servers that power has been lost. If the
network hardware does not have power, servers will not receive these messages.
As a result, they will not know they need to shut down. In addition, you may want
to leave hardware plugged in that allows you to interact with the server during
power outages. That will be hard to do without a monitor.
Server virtualization refers to a method used to reduce the dependence of the services
provided by a server on the hardware it runs on. Server clusters are used for this purpose.
Server clusters are discussed in Chapter 9.
www.syngress.com
Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 8 625
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 625
Summary of Exam Objectives
Windows Server 2003 often performs reasonably well in its default configuration, but insuf-
ficient memory, CPU, disk, or network resources can reduce performance to an unaccept-

able level. Proper tuning and allocation of these resources will ensure adequate
performance. Proper configuration of the server’s page files can improve performance.
Regular use of the Disk Defragmenter utility will ensure that your file systems do not
become a bottleneck for read and write operations. Use efficient and intelligent network
adapters to handle some of the processing load and reduce the overall impact communica-
tions have on the system.
The System Monitor utility can be used to monitor various counters present in the
system.These counters display real performance information about what is occurring in the
system. Some counters can display statistics as percentages, others as cumulative counts of
events, and others as immediate absolute values. System Monitor can be used to view cur-
rent activity in the system or to view data from log files.
A properly developed baseline can help in planning for increased growth and in identi-
fying resources that are being overutilized. A baseline provides a mechanism for identifying
what normal operating conditions are for a server.The baseline acts as a reference for trou-
bleshooting performance issues.
The operating system and some applications record events in numerous event log files.
The events in these files are always in the same format and can be viewed, searched, and
monitored to determine if a system is functioning properly. Entries in the event logs indi-
cate the severity or nature of the events. Security auditing can be enabled and security-
related events captured in the event logs.The logs themselves can be archived to create a
historical record of a server’s activities.
Backing up data is a must to ensure system availability. Only user accounts with ele-
vated user rights can perform backups or restores. Different methods (normal, differential,
and incremental) for performing backups are available to accomplish different objectives.
Backups can be performed to tape drives, network shares, or local disks, but not writable or
read-writable CD-ROMs or DVD-ROMs.
Some services like DHCP,WINS, and DNS may have special considerations or config-
uration issues that need to be addressed before backups are performed. Clustered server
disks also require special consideration for backups, and the new Volume Shadow Copy fea-
ture assists in creating backups of open files.

The Windows Backup Utility can be run either as a Wizard or in Advanced Mode.The
Wizard works in most situations and steps you through the process of creating or restoring
a backup.The Advanced Mode gives you access to the more powerful options of the utility
and lets you fine-tune your backups.The Backup Utility also lets you schedule backup ses-
sions, so that you can create a relatively simple and regular backup process.
The new ASR feature of Windows Server 2003 simplifies the process of re-creating a
failed server installation.The ASR process replaces the older ERD process used in previous
versions of Windows. Proper planning and preparation must be completed before ASR can
www.syngress.com
626 Chapter 8 • Planning, Implementing, and Maintaining a High-Availability Strategy
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 626
be used to restore a system, and performing an ASR restore should be the last resort. An
ASR restore requires a floppy diskette drive to be present in the server, but one is not
required to create an ASR backup.
The proper use of fault tolerance will mean that services will continue to be provided
even when something breaks down. Redundancy in hardware, software, and communica-
tions ensures a reliable environment.The use of redundant network interfaces and proxy
servers will ensure reliable communications. Using disk RAID arrays for the storage of
applications and data will help prevent downtime due to a hard drive failure and may also
be used as a performance enhancer. Using redundant components to help cool your server
and provide power when the utility power fails will ensure your server operates in adverse
conditions.
Exam Objectives Fast Track
Understanding Performance Bottlenecks
 RAM is the one resource that most often becomes a performance bottleneck.
 A good rule of thumb is that more RAM is better.
 Virtual memory uses hard disk space to expand the apparent memory available in
the system. Performance decreases as virtual memory on the disk is heavily used.
 The processor is the brain of the computer. A computer can have multiple
processors.

 Disk controller technology and the use of RAID determines how fast data can be
read from or written to disk.
 Defragmenting a file system can improve read and write performance.
 Running multiple network protocols decreases overall network performance.
 Modern NICs can offload some of the communication processing overhead from
the CPU to the NIC, which can increase system performance.
 The use of IPSec can greatly increase the security of information as it travels on
the network. Using appropriate NICs to offload IPSec processing can improve
system performance.
 Full-duplex communication is desired for servers. Switches are typically required
to support full-duplex communications.
 System Monitor displays information collected by counters that let you examine
the performance of your system. Counters are installed by default by the
operating system and some applications.
www.syngress.com
Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 8 627
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 627
 Baselining is used to determine the average operating parameters of your system
so that variations can be detected.
 Monitoring a large number of counters can impact system performance. Monitor
only the necessary counters.
 Information about various events that occur in the system is collected in a
number of event log files, which can be viewed using the Event Viewer utility.
 Event Viewer can be used to search the logs and filter out events you do not wish
to examine.
Planning a Backup and Recovery Strategy
 Data backup is an essential part of a high-availability strategy.
 Many things can cause loss of data—from hardware and software problems to
human factors.
 Good procedures are an indispensable part of a backup and restore strategy.

 The Windows Backup Utility is used to perform backups and restores, as well as
to create ASR sets.
 Specific user rights and permissions are required to perform a backup or restore.
 Several different backup types exist, including normal (full), copy, differential, and
incremental.
 Backup types are most effective when used in combination.
 Volume Shadow Copy is a new feature in Windows Server 2003 that allows the
Windows Backup Utility to back up open files.
 Different applications and components of the operating system may have specific
needs for either backup or restore.
Planning System Recovery with ASR
 ASR is a new feature of Windows Server 2003 that assists in the rapid re-creation
of a server after a major failure.
 ASR is a last-resort option. Booting into Safe Mode and the Last Known Good
mode should be tried before attempting an ASR restore.
 ASR sets are created from the Windows Backup Utility.
 ASR sets consist of a floppy disk and media containing the data on every
partition or volume that contained system components.
www.syngress.com
628 Chapter 8 • Planning, Implementing, and Maintaining a High-Availability Strategy
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 628
 A floppy diskette is required to perform an ASR restore.The diskette contains
files that describe the disk identities and structure of the system being restored.
 An ASR restore requires the ASR backup media, the ASR diskette, and the
original Windows Server 2003 media.
Planning for Fault Tolerance
 Fault tolerance allows for components of a system to fail while the system
continues to function.
 Fault tolerance is achieved through a combination of redundancy, efficient load
distribution, proper planning, proper procedures, and training.

 Five nines refers to a system that is available 99.999 percent of the time.
 Network interfaces can be made fault tolerant by configuring multiple NICs for
failover or load-balanced operation.
 Using multiple Web and proxy servers increases availability.
 Use of RAID technology can reduce or eliminate downtime caused by disk drive
failure.
 Several RAID levels exist. Each RAID level is suitable for a specific type of use.
 Modern servers often have built-in redundancy, increasing their reliability.
 A UPS can prevent or reduce the downtime caused by a power failure.
www.syngress.com
Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 8 629
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 629
Q: What is the best way to ensure a server has enough memory to operate acceptably?
A: Install more than the minimum amount of RAM.
Q: What is using part of a server’s hard disk as an expansion of memory called?
A: Virtual memory.
Q: What is the file that is used for virtual memory called?
A: The paging file.
Q: What does a multiprocessing system contain?
A: More than one CPU.
Q: What are the three most common disk interfaces?
A: ATA, SCSI, and Fibre Channel.
Q: What happens when a data packet crosses a router from a network with a large packet
size to a network with a smaller packet size?
A: The router re-creates the original packet as multiple smaller packets and forwards them
to their destination.
Q: What devices can the Windows Backup Utility use for performing backups?
A: Any device supported by the Windows Server 2003 operating system as having remov-
able and writable media.Tape devices are the most common.
Q: Can ASR be used to completely restore a failed system?

A: No, the purpose of ASR is to re-create the operating system. Additional restores of data
and applications are required for a full system restore.
Q: Why is RAID 5 not recommended for write-intensive situations?
A: Every time data is written to a RAID 5 array, the parity block must be recalculated.
www.syngress.com
630 Chapter 8 • Planning, Implementing, and Maintaining a High-Availability Strategy
Exam Objectives
Frequently Asked Questions
The following Frequently Asked Questions, answered by the authors of this book, are
designed to both measure your understanding of the Exam Objectives presented in this
chapter, and to assist you with real-life implementation of these concepts. You will also
gain access to thousands of other FAQs at ITFAQnet.com.
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 630
Understanding Performance Bottlenecks
1. You have been tasked with the implementation of enhancing the security of your net-
work and have been allocated a modest budget to accomplish the task.You decide to
implement IP Security (IPSec) between your three Windows Server 2003 servers and
your Windows 2000 Professional and Windows XP Professional workstations. As the
implementation proceeds, you begin hearing reports that the network does not seem
as responsive.You confirm that performance has decreased.What can you do to return
performance to the previous level and still accomplish your objectives?
A. Remove IPSec from the workstations, leaving the servers configured with IPSec.
B. Remove IPSec from the servers, leaving the workstations configured with IPSec.
C. Add NICs to your servers and configure the cards for load balancing.
D. Purchase new NICs that support IPSec on the NIC.
2. You have inherited the responsibility of supporting a server from a previous adminis-
trator.The system has dual 1 GHz CPUs, 2048MB of RAM, and a dual-channel
caching hardware RAID controller with sixteen 18GB hard drives configured as a
RAID 5 array.The system has been running an important SQL database for some
time, but over the last few weeks, responsiveness has decreased as more people have

been accessing the SQL databases.Your part-time SQL administrator has told you that
recent database growth is not the culprit.The databases have been consistently using
between 40 and 45 percent of the available disk space.You have been asked to resolve
this problem.What can you do to increase the responsiveness of the SQL database?
A. Install more RAM in the server.
B. Change the RAID array to a RAID 0+1 configuration.
C. Change the RAID array to a RAID 0 configuration.
D. Increase the cache size on the array controller.
www.syngress.com
Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 8 631
Self Test
A Quick Answer Key follows the Self Test questions. For complete questions, answers,
and explanations to the Self Test questions in this chapter as well as the other
chapters in this book, see the Self Test Appendix.
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 631
3. You have recently purchased a new single-CPU, Intel Xeon-based server.This hard-
ware will be used to run a multithreaded CPU-intensive application. How can you
ensure that the application performs at its best on the hardware provided?
A. Turn on hyperthreading.
B. Add a second CPU.
C. Boost the processing priority of the applications threads.
D. Disable hyperthreading.
4. Your server seems slow to respond to file requests from drive D: at times.You have
examined the system with Performance Monitor, and the counter
LogicalDisk:Current Disk Queue Length for the D: instance consistently varies
between 8 and 20 during these periods of slow response. Drive D: resides on an
external, 14-slot disk array with 4 slots populated with hard drives. How should you
resolve this problem?
A. Defragment drive D:.
B. Add more memory to the system to increase file-caching efficiency.

C. Add more physical drives to the external array; either expand drive D: across the
new drives or create another drive and move some heavily accessed files from
drive D: to the new logical drive.
D. Add processors or turn on hyperthreading.
5. You have recently purchased and installed two new name-brand servers.The servers
are identical in all respects, except that one server has a single CPU and the other has
two.The single-CPU system will be used for basic file and print services, and the
dual-CPU system will be used for running Microsoft Exchange Server. Both systems
respond adequately.While developing a performance baseline, you notice that the
dual-CPU system seems to be experiencing more interrupts per second than the
other server.What should you do to resolve this increased level of interrupts?
A. Do nothing.This is a peculiarity of Microsoft Exchange Server.
B. Increase the communication buffers on the multiple-CPU server’s NIC.
C. Remove the second CPU from the dual-CPU system.
D. Do nothing.This is normal for a multi-CPU system.
Planning a Backup and Recovery Strategy
6. You have been asked to develop a backup strategy for your company’s three Windows
Server 2003 servers.You have been told that the primary objective is to have the sys-
www.syngress.com
632 Chapter 8 • Planning, Implementing, and Maintaining a High-Availability Strategy
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 632
tems up and running again as quickly as possible should a disaster occur.To accom-
plish this goal, initial funds have been allocated and, if necessary, ongoing funds will be
made available.What backup strategy should you adopt?
A. Full backups nightly to a tape drive installed in each server
B. Full backups nightly to a single, centralized tape drive
C. Full backups weekly, with daily differential backups to a tape drive installed in
each server
D. Full ASR backups nightly
7. You have been asked to develop a backup strategy for your company’s three Windows

Server 2003 servers.You have been told that the primary objective is to minimize the
ongoing cost of performing backups.To accomplish this goal, you have been given a
modest budget.What backup strategy should you adopt?
A. Full backups monthly, differential backups on the weekends, and incremental
backups daily to a tape drive installed in each server
B. Full backups monthly, differential backups on the weekends, and incremental
backups daily to a single, centralized tape drive
C. Incremental backups daily to a single, centralized tape drive
D. Periodic full backups and daily incremental backups to a single, centralized tape
drive
8. You have been asked to develop a backup strategy for your company’s three Windows
Server 2003 servers.You have been told that the primary objective is to minimize the
time required for performing backups on regular business days.You do not have the
use of any advanced storage technology, and an older application on the server
requires you to shut down the application and disable Volume Shadow Copy to get a
successful backup.To accomplish this goal, you have been given a sufficient budget.
What backup strategy should you adopt?
A. Full backups on the weekends and incremental backups daily to a tape drive
installed in each server
B. Full backups monthly and differential backups daily to a single, centralized tape
drive
C. Incremental backups daily to a single, centralized tape drive
D. Periodic full backups and daily incremental backups to a single, centralized tape
drive
www.syngress.com
Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 8 633
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 633
9. Your company uses a well-known and respected third-party backup utility for all of its
servers.You are adopting Windows Server 2003 early after its release and have
upgraded a number of servers to the operating system.You have high hopes about

improving backup performance on some of your higher volume file servers (including
the ability to back up open files) and have installed the third-party client agent soft-
ware on your servers. After a few days, you notice that the speed of backups has not
increased.What is the most likely reason that backup performance has not increased?
A. Volume Shadow Copy has not been turned on for the appropriate volumes.
B. The third-party backup software does not use the new features present in
Windows Server 2003.
C. An ASR backup needs to be performed before the third-party utility will show
increased performance.
D. The drives hosting the files need to be defragmented for performance to improve.
Planning System Recovery with ASR
10. You have inherited the responsibility for supporting an important server recently
upgraded from Windows NT 4 to Windows Server 2003.When the server was
upgraded, it met the hardware requirements, but not by much. Increasing demand on
the system has led to lower than desirable performance. Company management has
authorized the purchase of new server hardware and would like you to upgrade the
server as quickly as possible with the least amount of risk and additional expense.
What is the best way to accomplish the upgrade in the fastest possible time, with the
lowest risk, and no additional cost?
A. Use a third-party product to duplicate the server onto the new hardware.
B. Create an ASR backup of the existing server. Use the ASR backup on the new
hardware. Back up the existing server. Restore the backup to the new hardware.
C. Install Windows Server 2003 onto the new hardware. Back up the existing server.
Restore the backup to the new hardware.
D. Shut down the existing server and move the existing hard drives to the new
server. Boot the new server with the old hard drives.
11. A few weeks ago, you installed a new server.You have been performing regular full
and incremental backups for all files on the system.You did not perform an initial
ASR backup.When you arrived this morning, you discovered that the hard drive
failed sometime last night after the backup completed, and the server will no longer

boot.You replaced the failed hard drive with an identical one you had on hand.What
is the quickest way to get the server back to its previous operational state?
www.syngress.com
634 Chapter 8 • Planning, Implementing, and Maintaining a High-Availability Strategy
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 634
A. Start an ASR restore. Since the hard drive is new and identical to the failed drive,
ASR will automatically re-create the previous configuration.
B. You cannot restore the server. It is permanently lost.
C. Reinstall Windows Server 2003 in a minimal configuration, restore the most
recent full backup, and then restore all of the incremental backups in sequence.
D. Reinstall Windows Server 2003 in a minimal configuration, perform an ASR
backup, perform an ASR restore, restore the most recent full backup, and then
restore all of the incremental backups in sequence.
12. You are working on an existing server.The NIC manufacturer has notified you of an
updated driver for your card that will greatly improve performance.You download and
install the new driver. Before you reboot the system, you perform an ASR backup.
When you reboot the system, it reaches the graphical portion of the boot process and
presents a STOP message.What is the proper process for recovering from this
problem?
A. Perform an ASR restore from the ASR backup set you created before the reboot.
B. Reboot the system, press F8 when prompted during the boot process, select Last
Known Good Configuration, and press Enter.
C. Reinstall the operating system and do a restore of the system from tape backup.
D. Reboot the system, press F8 when prompted during the boot process, select Safe
Mode, and press Enter.
www.syngress.com
Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 8 635
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 635
Planning for Fault Tolerance
13. You are responsible for administering a Windows Server 2003 system.The system has

a Pentium III 800 MHz CPU, 1024MB of RAM, and four hard drives configured in a
RAID 5 array that reside in an external seven-slot chassis.The array is controlled by a
modern, high-performance hardware RAID controller and presents the array to the
operating system as a single drive.You arrive on a Monday morning to find your
server has crashed. On investigation, you find that two of the hard drives failed.The
server has a built-in display that tells you that one drive failed late Friday night and
the second drive failed Sunday afternoon.What should you have done to prevent the
second drive failure from causing the server to crash?
A. Ensure that backups complete during business hours.
B. Use Volume Shadow Copy to automatically create a backup on the remaining
good drive.
C. Install a second hardware RAID controller and distribute the drives evenly on the
controllers.
D. Purchase another hard drive and configure it as a hot spare drive.
14. You are replacing a single-port NIC in your server with a new four-port NIC.Your
switches support 100 Mbps full-duplex operation.Your switches also support either
load-balancing or failover configurations.Which configuration choice is best for
increased performance and availability?
A. Configure the card for two-way load balancing with failover to the remaining
two ports.
B. Configure the card for four separate links to the switch.Windows Server 2003
automatically determines that the ports connect to the same switch and enables
failover.
C. Configure the card for four-way load balancing.
D. Leave the old NIC in the server and add the new four-port card into an empty
slot on the server. Configure the new card as a failover backup for the existing
card.
15. Your data center recently experienced a utility power failure that took down all of the
computer systems. Some systems experienced major problems (hard drive and fan fail-
ures) when the power was restored. Because of the failures, company management

decides to install an Uninterruptible Power Supply (UPS) for the data center to pro-
tect the systems from another power failure. A few months later, another power failure
hits the data center and the systems run for a time, then go down when the UPS runs
out of power.This time, hard drive failures occur and data is lost.What was missed
www.syngress.com
636 Chapter 8 • Planning, Implementing, and Maintaining a High-Availability Strategy
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 636
during the implementation of the new UPS that would have prevented the second
power failure from impacting the servers?
A. Neither the proper procedures nor the automated software controls were imple-
mented to enable a controlled shutdown.
B. The UPS that was purchased did not have a high enough power runtime rating
to handle the load of the equipment in the data center.
C. Windows Server 2003 does not support the use of a UPS.
D. Windows Server 2003 does not support the use of a nondedicated UPS. Each
server must have a dedicated UPS.
www.syngress.com
Planning, Implementing, and Maintaining a High-Availability Strategy • Chapter 8 637
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 637
www.syngress.com
638 Chapter 8 • Planning, Implementing, and Maintaining a High-Availability Strategy
Self Test Quick Answer Key
For complete questions, answers, and explanations to the Self Test questions in this
chapter as well as the other chapters in this book, see the Self Test Appendix.
1. D
2. B
3. A
4. C
5. D
6. A

7. D
8. A
9. B
10. B
11. C
12. B
13. D
14. C
15. A
255_70_293_ch08.qxd 9/10/03 1:44 PM Page 638
639
Implementing Windows
Cluster Services and
Network Load Balancing
Exam Objectives in this chapter:
4.1.1 Plan a high availability solution that uses clustering
services.
4.3 Implement a cluster server.
4.3.1 Recover from cluster node failure.
4.1.2 Plan a high availability solution that uses Network Load
Balancing.
4.4 Manage Network Load Balancing. Tools might include the
Network Load Balancing Monitor Microsoft Management
Console (MMC) snap-in and the WLBS cluster control utility.
Chapter 9
MCSE 70-293
 Summary of Exam Objectives
 Exam Objectives Fast Track
 Exam Objectives Frequently Asked Questions
 Self Test

 Self Test Quick Answer Key
255_70_293_ch09.qxd 9/10/03 2:42 PM Page 639
Introduction
Fault tolerance generally involves redundancy; for example, in the case of disk fault toler-
ance, multiple disks are used.The ultimate in fault tolerance is the use of multiple servers,
configured to take over for one another in case of failure or to share the processing load.
Windows Server 2003 provides network administrators with two powerful tools to enhance
fault tolerance and high availability: server clustering (only available in the Enterprise and
Datacenter Editions), and Network Load Balancing included in all editions.
This chapter looks first at server clustering and shows you how to make clustering ser-
vices part of your enterprise-level organization’s high-availability plan.We’ll start by intro-
ducing you to the terminology and concepts involved in understanding clustering.You’ll
learn about cluster nodes, cluster groups, failover and failback, name resolution as it pertains
to cluster services, and how server clustering works.We’ll discuss three cluster models:
single-node, single quorum device, and majority node set.Then we’ll talk about cluster
deployment options, including N-node failover pairs, hot standby server/N+1, failover ring,
and random.You’ll learn about cluster administration, and we’ll show you how to use the
Cluster Administrator tool as well as command-line tools.
Next, we’ll discuss best practices for deploying server clusters.You’ll learn about hard-
ware issues, especially those related to network interface controllers, storage devices, power-
saving features, and general compatibility issues.We’ll discuss cluster network configuration
and you’ll learn about multiple interconnections and node-to-node communications.We’ll
talk about the importance of binding order, adapter settings, and TCP/IP settings.We’ll also
discuss the default cluster group. Next, we’ll move onto the subject of security for server
clusters.This includes physical security, public/mixed networks, private networks, secure
remote administration of cluster nodes, security issues involving the cluster service account,
and how to limit client access.We’ll also talk about how to secure data in a cluster, how to
secure disk resources, and how to secure cluster configuration log files.
The next section addresses how to make Network Load Balancing (NLB) part of your
high-availability plan.We’ll introduce you to NLB concepts such as hosts/default host, load

weight, traffic distribution, convergence, and heartbeats.You’ll learn about how NLB works
and the relationship of NLB to clustering.We’ll show you how to manage NLB clusters
using the NLB Manager tool, remote-management tools, and command-line tools.We’ll
also discuss NLB error detection and handling. Next, we’ll move onto monitoring NLB
using the NLB Monitor Microsoft Management Console (MMC) snap-in or the Windows
Load Balancing Service (WLBS) cluster control utility.We discuss best practices for imple-
menting and managing NLB, including issues such as multiple network adapters, protocols
and IP addressing, and NLB Manager logging. Finally, we’ll address NLB security.
www.syngress.com
640 Chapter 9 • Implementing Windows Cluster Services and Network Load Balancing
255_70_293_ch09.qxd 9/10/03 2:42 PM Page 640
www.syngress.com
Making Server Clustering Part of
Your High-Availability Plan
Certain circumstances require an application to be operational more consistently than stan-
dard hardware would allow. Databases and mail servers often have this need.What if it were
possible to have more than one server ready to run the critical application? What if there
were a software component that automatically managed the operation of the application so
that, if one server experienced a failure, another server would automatically take over and
keep the application running? Such a technology exists, and it’s called server clustering.
The basic idea of server clustering has been around for many years on other computing
platforms. Microsoft initially released its server cluster technology as part of Windows NT
4.0 Enterprise Edition. It supported two nodes and a limited number of applications. Server
clustering was further refined with the release of Windows 2000 Advanced and Datacenter
Server Editions. Server clusters were simpler to create, and more applications were available.
In addition, some publishers began to make their applications “cluster-aware,” so that their
applications installed and operated more easily on a server cluster. Now with the release of
Windows Server 2003, we see another level of improvement on the server clustering tech-
nology. Server clusters now support much larger clusters and more robust configurations.
Server clusters are easier to create and manage. Features that were available only in the

Datacenter Edition of Windows 2000 have now been made available in the Enterprise
Edition of Windows Server 2003.
Terminology and Concepts
Although it has been used previously, a more formal definition of a server cluster is needed.
For our purposes, a server cluster is a group of independent servers that work together to
increase application availability to client systems and appear to clients under one common
name.The independent servers that make up a server cluster are individually called nodes.
Nodes in a server cluster monitor each other’s status through a communication mechanism
called a heartbeat.The heartbeat is a series of messages that allow the server cluster nodes to
detect communication failures and, if necessary, perform a failover operation. A failover is the
process by which resources are stopped on one node and started on another.
Cluster Nodes
A server cluster node is an independent server.This server must be running Windows 2000
Advanced Server,Windows 2000 Datacenter Server,Windows Server 2003 Enterprise
Edition, or Windows Server 2003 Datacenter Edition.The two editions of Windows Server
2003 cannot be used in the same server cluster, but either can exist in a server cluster with
a Windows 2000 Advanced Server node. Since Windows Server 2003 Datacenter Edition is
available only through original equipment manufacturers (OEMs), this chapter deals with
server clusters constructed with the Advanced Server Edition of Windows Server 2003
unless specifically stated otherwise.
Implementing Windows Cluster Services and Network Load Balancing • Chapter 9 641
EXAM
70-293
OBJECTIVE
4.1.1
255_70_293_ch09.qxd 9/10/03 2:42 PM Page 641
A server cluster node should be a robust system.When designing your server cluster, do
not overlook applying fault-tolerant concepts to the individual nodes. Using individual
fault-tolerant components to build fault-tolerant nodes to build fault-tolerant server clusters
can be described as “fault tolerance in depth.”This approach will increase overall reliability

and make your life easier.
A server cluster consists of anywhere between one and eight nodes.These nodes do not
necessarily need to have identical configurations, although that is a frequent design element.
Each node in a server cluster can be configured to have a primary role that is different from
the other nodes in the server cluster.This allows you to have better overall utilization of the
server cluster if each node is actively providing services. A node is connected to one or
more storage devices, which contain disks that house information about the server cluster.
Each node also contains one or more separate network interfaces that provide client com-
munications and support heartbeat communications.
Cluster Groups
The smallest unit of service that a server cluster can provide is a resource.A resource is a
physical or logical component that can be managed on an individual basis and can be inde-
pendently activated or deactivated (called bringing the resource online or offline). A resource
can be owned by only one node at a time.
There are several predefined (called “standard”) types of resources known to Windows
Server 2003. Each type is used for a specific purpose.The following are some of the most
common standard resource types:
■ Physical Disk Represents and manages disks present on a shared cluster storage
device. Can be partitioned like a regular disk. Can be assigned a drive letter or
used as an NTFS mounted drive.
■ IP Address Manages an IP address.
■ Network Name Manages a unique NetBIOS name on the network, separate
from the NetBIOS name of the node on which the resource is running.
■ Generic Service Manages a Windows operating system service as a cluster
resource. Helps ensure that the service operates in one place at one time.
■ Generic Script Manages a script as a cluster resource (new to Windows Server
2003).
■ File Share Creates and manages a Windows file share as a cluster resource.
Other standard resource types allow you to manage clustered print servers, Dynamic
Host Configuration Protocol (DHCP) servers,Windows Internet Name Service (WINS)

servers, and generic noncluster-aware applications. (It is also possible to create new resource
types through the use of dynamic link library files.)
Individual resources are combined to form cluster groups. A cluster group is a collection
of server resources that defines the relationships of resource within the group to each other
www.syngress.com
642 Chapter 9 • Implementing Windows Cluster Services and Network Load Balancing
255_70_293_ch09.qxd 9/10/03 2:42 PM Page 642
and defines the unit of failover, so that if one resource moves between nodes, all resources
in the group also move. As with individual resources, a cluster group can be owned by only
one node at a time.To use an analogy from chemistry, resources are atoms and groups are
compounds.The cluster group is the primary unit of administration in a server cluster.
Similar or interdependent resources are combined into the same group. A resource cannot
be dependent on another resource that is not in the same cluster group. Most cluster groups
are designed around either an application or a storage unit. It is in this way that individual
applications or disks in a server cluster are controlled independently of other applications or
disks.
Failover and Failback
If a resource on a node fails, the cluster service will first attempt to reactivate the resource
on the same node. If unable to do so, the cluster service will move the cluster group to
another node in the server cluster.This process is called a failover. A failover can be triggered
manually by the administrator or automatically by a node failure.A failover can involve
multiple nodes if the server cluster is configured this way, and each group can have different
failover policies defined.
A failback is the corollary of a failover.When the original node that hosted the failed-
over resource(s) comes back online, the cluster service can return the cluster group to oper-
ation on the original node.This failback policy can be defined individually for a cluster
group or disabled entirely. Failback is usually performed at times of low utilization to avoid
impacting clients, and it can be set to follow specific schedules.
Cluster Services and Name Resolution
A server cluster appears to clients as one common name, regardless of the number of nodes

in the server cluster. It is for this reason that the server cluster name must be unique on
your network. Ensure that the server cluster name is different from the names of other
server clusters, domain names, servers, and workstations on your network.The server cluster
will register its name with the WINS and DNS servers configured on the node running the
default cluster group.
Individual applications that run on a server cluster can (and should) be configured to
run in separate cluster groups.The applications must also have unique names on the net-
work and will also automatically register with WINS and DNS. Do not use static WINS
entries for your resources. Doing so will prevent an update to the WINS registered address
in the event of a failover.
How Clustering Works
Each node in a server cluster is connected to one or more storage devices.These storage
devices contain one or more disks. If the server cluster contains two nodes, you can use
either a SCSI interface to the storage devices or a Fibre Channel interface. For three or
more node server clusters, Fibre Channel is recommended. If you are using a 64-bit edition
www.syngress.com
Implementing Windows Cluster Services and Network Load Balancing • Chapter 9 643
255_70_293_ch09.qxd 9/10/03 2:42 PM Page 643
of Windows Server 2003, Fibre Channel is the required interface, regardless of the number
of nodes.
Fibre Channel has many benefits over SCSI. Fibre Channel is faster and easily expands
beyond two nodes. Fibre Channel cabling is simpler, and Fibre Channel automatically con-
figures itself. However, Fibre Channel is also more expensive than SCSI, requires more
components, and can be more complicated to design and manage.
On any server cluster, there is something called the quorum resource.The quorum
resource is used to determine the state of the server cluster.The node that controls the
quorum resource controls the server cluster, and only one node at a time can own the
quorum resource.This prevents a situation called split-brain, which occurs when more than
one node believes it controls the server cluster and behaves accordingly. Split-brain was a
problem that occurred in the early development of server cluster technologies.The intro-

duction of the quorum resource solved this problem.
Cluster Models
There are three basic server cluster design models available to choose from: single node,
single quorum, and majority node set. Each is designed to fit a specific set of circumstances.
Before you begin designing your server cluster, make sure you have a thorough under-
standing of these models.
E
XAM WARNING
Make sure you understand the differences between the server cluster models and
the circumstances in which each is normally used.
Single Node
A single-node server cluster model is primarily used for development and testing purposes.
As its name implies, it consists of one node.An external disk resource may or may not be
present. If an external disk resource is not present, the local disk is configured as the cluster
storage device, and the server cluster configuration is kept there.
Failover is not possible with this server cluster model, because there is only one node.
However, as with any server cluster model, it is possible to create multiple virtual servers.(A
virtual server is a cluster group that contains its own dedicated IP address, network name,
and services and is indistinguishable from other servers from a client’s perspective.) Figure
9.1 illustrates the structure of a single-node server cluster.
www.syngress.com
644 Chapter 9 • Implementing Windows Cluster Services and Network Load Balancing
255_70_293_ch09.qxd 9/10/03 2:42 PM Page 644
If a resource fails, the cluster service will attempt to automatically restart any applica-
tions and dependent resources.This can be useful when applied to applications that do not
have built-in restart capabilities but would benefit from that capability.
Some applications that are designed for use on server clusters will not work on a
single-node cluster model. Microsoft SQL Server and Microsoft Exchange Server are two
examples. Applications like these require the use of one of the other two server cluster
models.

Single Quorum Device
The single quorum device server cluster model is the most common and will likely con-
tinue to be the most heavily used. It has been around since Microsoft first introduced its
server clustering technology.
This type of server cluster contains two or more nodes, and each node is connected to
the cluster storage devices.There is a single quorum device (a physical disk) that resides on
the cluster storage device.There is a single copy of the cluster configuration and operational
state, which is stored on the quorum resource.
Each node in the server cluster can be configured to run different applications or to act
simply as a hot-standby device waiting for a failover to occur. Figure 9.2 illustrates the
structure of a single quorum device server cluster with two nodes.
www.syngress.com
Implementing Windows Cluster Services and Network Load Balancing • Chapter 9 645
Figure 9.1 Single Node Server Cluster
Storage
Node
Network
Virtual Server
Virtual Server
Virtual Server
. . .
255_70_293_ch09.qxd 9/10/03 2:42 PM Page 645
Majority Node Set
The majority node set (MNS) model is new in Windows Server 2003. Each node in the
server cluster may or may not be connected to a shared cluster storage device. Each node
maintains its own copy of the server cluster configuration data, and the cluster service is
responsible for ensuring that this configuration data remains consistent across all nodes.
Synchronization of quorum data occurs over Server Message Block (SMB) file shares.This
communication is unencrypted. Figure 9.3 illustrates the structure of the MNS model.
www.syngress.com

646 Chapter 9 • Implementing Windows Cluster Services and Network Load Balancing
Figure 9.2 Single Quorum Device Server Cluster
Node
Public Network
Virtual Server
Virtual Server
Virtual Server
. . .
Node
S
Quorum Logical Disk Logical Disk
Interconnect Network
Figure 9.3 A Majority Node Set Server Cluster
Node
Public Network
Node
Quorum Quorum Quorum
Node NodeNode
Quorum Quorum
255_70_293_ch09.qxd 9/10/03 2:42 PM Page 646
This model is normally used as part of an OEM predesigned or preconfigured configu-
ration. It has the ability to support geographically distributed server clusters.When used in
geographically dispersed configurations, network latency becomes an issue.You must ensure
that the round-trip network latency is a maximum of 500 milliseconds (ms), or you will
experience availability problems.
The behavior of an MNS server cluster differs from that of a single quorum device
server cluster. In a single quorum device server cluster, one node can fail and the server
cluster can still function.This is not necessarily the case in an MNS cluster.To avoid split-
brain, a majority of the nodes must be active and available for the server cluster to function.
In essence, this means that 50 percent plus 1 of the nodes must be operational at all times

for the server cluster to remain operational.Table 9.1 illustrates this relationship.
Table 9.1 Majority Node Set Server Cluster Failure Tolerance
Number of Nodes in Maximum Node Failures before Nodes Required to Con-
MNS Server Cluster Complete Cluster Failure tinue Cluster Operations
10 1
20 2
31 2
41 3
52 3
62 4
73 4
83 5
Server Cluster Deployment Options
When you use either the single quorum device model or MNS model, there are a variety
of ways that you can configure your clustered applications to act during a failover opera-
tion.The choices vary with the number of nodes in your server cluster, and each has advan-
tages and disadvantages.
These deployment options are not always mutually exclusive. In a server cluster with
several nodes and multiple cluster groups, it is possible that some groups will use one
deployment option while other groups use a different one. Consider these options carefully
when you design larger server clusters.
EXAM WARNING
Expect questions related to the cluster deployment options. A good understanding
of each deployment option, how the options are configured, and the
advantages/disadvantages of each will help you on the exam.
www.syngress.com
Implementing Windows Cluster Services and Network Load Balancing • Chapter 9 647
EXAM
70-293
OBJECTIVE

4.3
255_70_293_ch09.qxd 9/10/03 2:42 PM Page 647
N-Node Failover Pairs
The N-node failover pairs deployment option specifies that two nodes, and only two
nodes, may run the application.This is the simplest option and is, in essence, the only
option available in a two-node server cluster. If configured in a larger server cluster with
three or more nodes, the application will not be able to function if both nodes are not
operational. In larger server clusters made up of nodes with different processing capabilities
or capacities, you can use this option to limit an application to running on only the nodes
capable of adequately servicing the application.
An N-node failover pair is configured by specifying the two nodes in the Possible
Owners property for the cluster resource, as shown in Figure 9.4.You can set the Possible
Owners property using the server cluster administrative tools described in the “Server
Cluster Administration” section later in this chapter. Every cluster resource has a Possible
Owners property that can be configured or left blank.
Figure 9.5 illustrates an N-node failover configuration in a server cluster with four
nodes—A, B, C and D—in its normal operational state. Nodes A and B are configured as a
failover pair, and nodes C and D are also a failover pair.Assorted virtual servers are active
and are spread among the nodes.
www.syngress.com
648 Chapter 9 • Implementing Windows Cluster Services and Network Load Balancing
Figure 9.4 Setting the Possible Owners Property
Figure 9.5 N-Node Failover, Initial State
Public Network
Virtual 1
Virtual 3
Virtual 2
Node A Node DNode B Node C
Virtual 8Virtual 5Virtual 4
Virtual 6

Virtual 7
Initial State
Failover Pair AB
Failover Pair CD
255_70_293_ch09.qxd 9/10/03 2:42 PM Page 648