Load Balancing/High Availability Configuration for neoninsight Server



Similar documents
Monitoring a Linux Mail Server

FILECLOUD HIGH AVAILABILITY

Apache and Virtual Hosts Exercises

Using Network Attached Storage with Linux. by Andy Pepperdine

Allion Ingrasys Europe. NAStorage. Security policy under a UNIX/LINUX environment. Version 2.01

Linux Administrator (Advance)

F-Secure Messaging Security Gateway. Deployment Guide

Simple Scan to Setup Guide

Installing a Symantec Backup Exec Agent on a SnapScale Cluster X2 Node or SnapServer DX1 or DX2. Summary

Cisco Secure PIX Firewall with Two Routers Configuration Example

Laboration, Ping, Traceroute, etc

INASP: Effective Network Management Workshops

Twin Peaks Software High Availability and Disaster Recovery Solution For Linux Server

Configure a Mail Server

Procedure to Create and Duplicate Master LiveUSB Stick

SoftNAS Application Guide: In-Flight Encryption 12/7/2015 SOFTNAS LLC

Installing IBM Websphere Application Server 7 and 8 on OS4 Enterprise Linux

Installing Virtual Coordinator (VC) in Linux Systems that use RPM (Red Hat, Fedora, CentOS) Document # 15807A1-103 Date: Aug 06, 2012

Secure Network Filesystem (Secure NFS) By Travis Zigler

Creating an LDAP Directory

VPNSCAN: Extending the Audit and Compliance Perimeter. Rob VandenBrink

Installation Guide for AmiRNA and WMD3 Release 3.1

Introduction to Operating Systems

Configuring MailArchiva with Insight Server

Security Workshop. Apache + SSL exercises in Ubuntu. 1 Install apache2 and enable SSL 2. 2 Generate a Local Certificate 2

SIOS Protection Suite for Linux v Postfix Recovery Kit Administration Guide

CipherMail Gateway Quick Setup Guide

Introduction to Linux (Authentication Systems, User Accounts, LDAP and NIS) Süha TUNA Res. Assist.

NAStorage. Administrator Guide. Security Policy Of NAStorage Under UNIX/LINUX Environment

Expresso Quick Install

Deployment Guide Microsoft IIS 7.0

Workflow Configuration on R12/R11. High Level Steps. SENDMAIL configuration mostly done by System Administrator Workflow configuration for R12

Exercises: FreeBSD: Apache and SSL: pre SANOG VI Workshop

Cannot send Autosupport , error message: Unknown User

INSTALLING KAAZING WEBSOCKET GATEWAY - HTML5 EDITION ON AN AMAZON EC2 CLOUD SERVER

Monitoring Netflow with NFsen

I N S T A L L A T I O N M A N U A L

Enhanced Connector Applications SupportPac VP01 for IBM WebSphere Business Events 3.0.0

AXIGEN Mail Server. Quick Installation and Configuration Guide. Product version: 6.1 Document version: 1.0

Network Management & Monitoring Request Tracker (RT) Installation and Configuration

Department of Veterans Affairs VistA Integration Adapter Release Enhancement Manual

Implementing a Weblogic Architecture with High Availability

Escenic Content Engine Installation Guide

Lab 7: Introduction to Pen Testing (NMAP)

Partek Flow Installation Guide

Linux Networking: network services

Redmine Installation on Debian. v1.1

Parallels Plesk Panel

CS312 Solutions #6. March 13, 2015

Linux command line. An introduction to the Linux command line for genomics. Susan Fairley

High Availability for Informatica Data Replication in a Cluster Environment

PolyServe Understudy QuickStart Guide

Five Steps to Improve Internal Network Security. Chattanooga ISSA

avast! for linux technical documentation

How to Backup XenServer VM with VirtualIQ

Load Balancing and High availability using CTDB + DNS round robin

Resonate Central Dispatch

ULTEO OPEN VIRTUAL DESKTOP V4.0

Apt-mirror. Copyright c Dr. Kent L. Miller Jan-20

Exercises: FreeBSD: Apache and SSL: SANOG VI IP Services Workshop

Avast for linux technical documentation

Apache Tomcat Clustering

Configuring Apache HTTP Server With Pramati

Deployment Guide AX Series with Active Directory Federation Services 2.0 and Office 365

Installing QuickBooks Enterprise Solutions Database Manager On Different Linux Servers

Intellicus Cluster and Load Balancing- Linux. Version: 7.3

Quick Start Guide. Sendio System Protection Appliance. Sendio 5.0

Network Management & Monitoring

Storage / SAN / NAS. Jarle Bjørgeengen University of Oslo / USIT. October 18, 2011

Extending Remote Desktop for Large Installations. Distributed Package Installs

LISTSERV in a High-Availability Environment DRAFT Revised

Parallels Plesk Control Panel

Birmingham Environment for Academic Research. Introduction to Linux Quick Reference Guide. Research Computing Team V1.0

VMware Identity Manager Connector Installation and Configuration

InterWorx Clustering Guide. by InterWorx LLC

Configuration Worksheets for Oracle WebCenter Ensemble 10.3

Remote Unix Lab Environment (RULE)

CN=Monitor Installation and Configuration v2.0

Disaster Recovery Configuration Guide for CiscoWorks Network Compliance Manager 1.8

How To Set Up An Intellicus Cluster Server On Ubuntu (Amd64) With A Powerup.Org (Amd86) And Powerup (Amd76) (Amd85) (Powerup) (Net

Intellicus Web-based Reporting Suite

Active-Active and High Availability

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Linux System Administration on Red Hat

Preparing for GO!Enterprise MDM On-Demand Service

Using RADIUS Agent for Transparent User Identification

Configuring Nex-Gen Web Load Balancer

2. Boot using the Debian Net Install cd and when prompted to continue type "linux26", this will load the 2.6 kernel

Avira Update Manager User Manual

The objective of this lab is to learn how to set up an environment for running distributed Hadoop applications.

# Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server ; wins support = no

Oracle EXAM - 1Z Oracle Weblogic Server 11g: System Administration I. Buy Full Product.

Syntax: cd <Path> Or cd $<Custom/Standard Top Name>_TOP (In CAPS)

Aqua Connect Load Balancer User Manual (Mac)

Spectrum Scale HDFS Transparency Guide

VMware vcenter Log Insight Security Guide

F-SECURE MESSAGING SECURITY GATEWAY

Transcription:

Load Balancing/High Availability Configuration for neoninsight Server Introduction: This document provides details on the configuration and the components used for a two node load balancing system with the neoninsight server. This white paper provides a workable solution to customers who want to deploy a fault-tolerant system with load-balancing at minimal cost and complexity. Below are the steps to create the configuration. Software used: Debian (Etch and Lenny distributions) GNU/Linux: http://www.debian.org balance (http://www.inlab.de/balance.html): available in Debian Lenny distribution package Balance is a load balancing solution; it is a simple but powerful generic TCP proxy with round robin load balancing and failover mechanisms. nfs-kernel-server nfs-common neoninsight 5.0-10506: http://www.bynari.net/public/products/neoninsight/latest/stable Definitions: The neon A server is running Debian Lenny, neoninsight Server, and the balance software. All mail request activity is routed to this server. The neoninsight Server installation is only for the convenience of LDAP installation and maintenance. All other processes of neoninsight Server are not needed and should be stopped. This scenario could be further simplified by installing a standalone LDAP server and importing the data from a running neoninsight Server. For the purpose of this document, this server also is simulating a SAN or some other network attached storage by exporting an NFS share to the other servers. The use of the nfs-kernel-server package is encouraged over the nfs-user-server. The neon B1 and neon B2 servers are running either Debian Etch or Lenny and neoninsight Server. As email traffic passes through neon A, it is forwarded (email proxy) onto neon B1 and neon B2. neon B1 and neon B2 are configured to use a remote LDAP server and remote storage for mail. 4/3/2009 1

Figure 1 Load Balanced Network with HA Failover Considerations: When configuring NFS, it is important to have lockd and statd running. Installing the nfs-kernelserver provides the lockd and statd services. To verify that lockd is running, type the following command: ps ax grep lockd <enter> 11133? S 0:00 [lockd] This output shows that lockd is running. To verify that statd is running, type the following command: ps ax grep rpc <enter> 11451? Ss 0:00 /sbin/rpc.statd This output shows that statd is running. The nfs-common package also provides these processes. Make sure that Neon A, neon B1, and neon B2 are running both lockd and statd. Without them, neoninsight Server will not be able to obtain a proper lock on the shared mail storage files. balance is available as a Debian package in the Lenny or Sid distributions but not in Etch. It is also available in source code form from the 'balance' website (http://www.inlab.de/balance.html). The test environment in this paper is intended to demonstrate how load balancing and failover function. It is not intended to be a Best Practices configuration. In this example, there are three single failure points (OpenLDAP, Balance, and the NFS store). In a real-world environment, redundancy is necessary for each of these points. It is also worth noting that each networked environment is unique. It is not be possible to address every kind of failover scenario in this article. 4/3/2009 2

Configuration: neon B1 and neon B2 1. Install neoninsight server on neon B1 and neon B2. 2. Enter the neoninsight change root shell by typing: neoninsight shell <enter> 3. The user ID (UID) and group ID (GID) of the neon user (system user created during the neoninsight server installation process) will be needed when configuring neon A. Enter the following command to display the UID and group ID (GID) of the neon user. id neon <enter> Results should resemble the following: uid=102(neon) gid=104(neon) groups=104(neon) neon A NOTE: Make note of the UID and GID for use in the next section. 1. Install neoninsight server on neon A. 2. Log into neon A and configure some neoninsight user accounts for testing. 3. Stop neon, ejabberd, apache2, amavis, clamav, spamassassin, and all other neoninsight server services except LDAP. a. To stop the individual services, follow the below steps: i. Log into the neoninsight shell neoninsight shell <enter> ii. Change directories to the /etc/init.d directory: cd /etc/init.d <enter> iii. Run the list command to see a list of all the services running under init.d: ls <enter> iv. Among the services listed is apache2. To stop the apache2 service (or any of the neon services), type the following command: /etc/init.d/apache2 stop <enter> v. Repeat step iv for each service that is to be stopped. The only neoninsight service that needs to continue running is slapd. 4. Configure the NFS server on neon A. Allow neon B1 and neon B2 to access the share as in this example: (Using vi or the text editor of your choice) vi /etc/exports: /mnt/exports 192.168.81.130(rw) 192.168.81.131(rw) 5. Create a user named neon (system user) on the NFS server (neon A). Make sure that the UID is the same as the neon user account on the neon B1 and neon B2 servers. NOTE: In this example, neon A is serving multiple roles. One of those roles is as an NFS server. The neon user account is configured on neon A for the purpose of granting write access from neon B1 and neon B2 to the shared storage. 6. Create a group named neon (system group) on the NFS server (neon A). Make sure that the GID is the same as the neon group on the neon B1 and neon B2 servers. 4/3/2009 3

NFS 1. Mount the NFS share on neon B1 and neon B2 under the neoninsight Server change root. Test read and write access as the neon user account created in step 5 of the previous section. (Configuration neon A) On the server command line type: # neoninsight shell <enter> # mkdir /mnt/neon <enter> # chown neon.neon /mnt/neon <enter> # mount -t nfs neona.example.net:/mnt/exports /mnt/neon <enter> # su neon -s /bin/bash <enter> $ touch /mnt/neon/testfile <enter> $ ls -l /mnt/neon/ <enter> If you can create the testfile as shown above and see it in the directory listing, the NFS read and write access is working. 2. Create an entry in /opt/neoninsight/etc/fstab for the NFS mount on neon B1 and neon B2. Example: neona.example.net:/mnt/exports /mnt/neon nfs rw,user,auto 0 0 3. Stop neoninsight Server on neon B1 and neon B2 by issuing the following command on each server: neoninsight stop <enter> 4. While in the neoninsight Server changeroot (neoninsight shell) on neon B1, copy the following directories to the NFS share: # cp -a /etc/neon /mnt/neon/ <enter> # cp -a /var/neon/storage /mnt/neon/ <enter> # cp -a /var/neon/local-mb /mnt/neon/ <enter> 5. Move /etc/neon to /etc/neon_local and replace it with a symbolic link to the copy on the NFS share with the following commands: # mv /etc/neon /etc/neon local <enter> # ln -s /mnt/neon/neon /etc/neon <enter> 6. Repeat steps 4 and 5 on neon B2. 7. Edit neonconfig.xml on the NFS share (neon A) from either neon B1 or neon B2: # vi /mnt/neon/neon/neonconfig.xml <enter> Make the following changes to the file: Locate this line: <define name="ldapserver" value="localhost"/> Replace "localhost" with the IP address or hostname of neon A (where the LDAP service is running). Replace all instances of "file:///var/neon/local-mb" with "file:///mnt/neon/local-mb". This change directs neoninsight server on neon B1 and neon B2 to use the NFS copy of localmb instead of the local copy. 4/3/2009 4

Replace all instances of "/var/neon/storage/" with "/mnt/neon/storage/". This directs neoninsight Server on neon B1 and neon B2 to use the NFS copy of storage instead of the local copy. Save the file. 8. Edit /var/www/config/conf.php on neon B1 and neon B2 and locate the following line: $conf['insight'][ldap']['server'] = 'localhost'; Change 'localhost' above to the hostname or IP address of neon A (where the LDAP service is running). 9. Start neoninsight Server on neon B1 and neon B2. neoninsight start <enter> Log into the web admin service on neon B1 and neon B2 and view the users that were added to the LDAP on neon A in step 2 (under Configuration neon A). 10. Send a test message to a local user and verify that the incoming message is visible on both neon B1 and neon B2. If an error occurs, check /var/neon/log/logneon.log for error messages and check the write permissions of the NFS share directories. Make sure that 'rpc.statd' and 'lockd' are running on all three servers. Install Balance 1. Install balance on neon A using the apt-get command: apt-get install balance <enter> 2. Start balance on neon A to test the SMTP service: # balance -f smtp neonb1 neonb2 Testing 1. Watch the neoninsight Server logs on both neon B1 and neon B2 using the command, tail: # tail -f /var/neon/log/logneon.log 2. Test sending an email. You can use the WebClient or use the command line via telnet. To test via the command line with telnet, follow these steps: # telnet neona 25 Trying 192.168.81.129... Connected to 192.168.81.129. Escape character is '^]'. 220 Neon ESMTP Server at etch.bynari.net SMTP Server at etch.bynari.net HELO test@example.net 250 neona.example.net MAIL FROM: <test@example.net> 250 OK RCPT TO: <user11@bynari.net> 250 user11 <user11@bynari.net> OK 4/3/2009 5

DATA 354 Start mail input, end with <CRLF>.<CRLF> From: Test User <test@example.net> To: User 11 <user11@example.net> Subject: Just a test. This is a test message. 250 OK queued 0064534455-1236960468-23d6@MessageStore for delivery, 332 bytes ^] telnet> 3. Observe the logs on neon B1 and neon B2. One of them should show that it has received and stored the test message. Repeat the test and observe the logs again. This time the other server should show activity as balance alternates between the two servers. 4. Write a script to start balance covering SMTP, IMAP, WWW, and others and deploy it on neon A: balance smtp neonb1 neonb2 balance imap neonb1 neonb2 balance www neonb1 % neonb2 Note: The '%' is used as a separator for client requests. Rather than a simple round-robin algorithm, a hash distribution based on the client IP address, is used to determine which server gets the request. This feature ensures that client http sessions always route to the correct server. With all those steps complete, any IMAP, SMTP, or WWW requests to neon A will be distributed by balance between neon B1 and neon B2. Any LDAP changes on either machine will be instantly available on the other machine as will as any incoming mail or IMAP operations. Failure of a service on neon B1 or neon B2 will go unnoticed by the client/users except in the case of WWW. If WWW fails, the users will be asked to log in again, and a new HTTP session will be created. 4/3/2009 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information