Building an NLB Clustered NFuse Portal

marlinlineInternet and Web Development

Oct 31, 2013 (3 years and 9 months ago)

64 views





Building an NLB Clustered NFuse
Portal

Windows 2000 Advanced Server, MetaFrame
XPe, NFuse, and “Project Columbia”





Building an NLB Clustered NFuse Portal

Windows 2000 Advanced Server, MetaFrame XPe, NFuse, and
“Project Columbia”

Forward

Forward by Rick De
hlinger, SSE, Citrix Systems, Inc.

This white paper, written by the man behind one of the most active and successful MetaFrame XP early adopters,
serves as an excellent example of a couple key MetaFrame XP deployment concepts. For starters, this document
describes how to set up an NLB (Network Load Balancing, a component of Win2K AS) clustered NFuse portal on
Windows 2000 Advanced Server running IIS 5. Since an Enterprise NFuse application portal can play a KEY role
in the successful deployment of applica
tions, providing this functionality in a highly available fashion is very
important. In this deployment, all production users access their Server Based applications through the NFuse
portal, making it a mission critical component of the system. While NLB

doesn’t do a sufficient job of balancing
actual application sessions, it does give us an excellent platform upon which to build a highly available NFuse
portal.

This deployment also serves as an early example of what I am calling a MetaFrame XP ‘Control’
server. XP
introduces a number of new roles into the MetaFrame Platform, such as ‘Data Collector’, ‘IMA Host’ (for indirect
Data Store configurations), ‘CMC Publisher’ (admins run CMC from/through this box), and print driver replication
source server. It

also highlights some of the important ones that have been there for quite some time, such as
the NFuse web server, central Auto
-
Client Update database, and IM Package file server. As I reference and
describe in item A5a of ‘MF Install and Tuning xxxxxx01
.pdf’ (available at
http://groups.yahoo.com/group/citrixnw
/files), in multi
-
server XP environments, it makes sense to spin off to a
dedicated XP ‘Control’ server to handle some or all of these functio
ns. Because of this, many savvy
administrators are moving these roles off of the production MetaFrame application servers and onto a dedicated
‘Control’ server(s), much like they used to do with a dedicated ICA master browser. Additionally, in a Win2K
en
vironment, this box can be a ‘Remote Admin’ mode server, leaving the Server Service and IIS to run with the
proper thread scheduling.

Finally, it is important to note that this deployment, and the document’s author, were instrumental in the
development of
the ‘Project Columbia’ Enterprise NFuse portal site (available at
http://groups.yahoo.com/group/citrixnw
/files). Many of Columbia’s features were developed based upon direct
feedback from the author,

and tested in the environment described here prior to publishing and distribution.

I would like to thank the author for going through the effort of sharing his experiences with the rest of the Server
Based Computing industry. It is through selfless effor
ts such as this that we all succeed in this industry, and his
efforts and attitudes should serve as a model for the rest of us to follow.

Good luck with your MetaFrame deployments!

Regards,

Rick Dehlinger

Senior Systems Engineer, Northwest

Citrix Systems,

Inc.



Overview

The purpose of this technical design document is to provide a detailed
description of the required components for creating a highly scalable, fault
-
tolerant NFuse application portal.

Architectural Overview


A basi
c understanding of Citrix MetaFrame XP, Citrix NFuse, Internet
Information Server, Windows 2000

Network Load Balancing, and layer
-
2/3
networking components is highly recommended.

Conceptual Overview

The purpose of this design is to facilitate a highly sca
lable and fault tolerant,
and scalable solution that combines multiple technologies into a single
solution.


VERSION 1.1

PAGE
2

10/31/2013

1.

Incoming HTTP or HTTPS requests from the client’s browser are load
balanced equally via port 80/443 to Internet Information Server.

2.

Using ASP to ins
tantiate Citrix NFuse components, client credentials
are wrapped and sent out the cluster to the secondary interface on the
same MetaFrame server.

3.

The Citrix XML service listening on port 8080 (configurable), receives
the data and processes application enu
meration based on the user’s
credentials. A list of authorized published applications is returned to
NFuse via port 8080 so that returning XML data is not load balanced to
a host that didn’t initiate the request.

4.

Internet Information Server’s ASP and Citri
x NFuse components
prepare and send a dynamically created HTML page to the user’s web
browser containing hyperlinks to the authorized published applications.

5.

When the user clicks the link to a published application, a second load
-
balanced request is made t
o IIS/NFuse using HTTP/S via port 80/443
for application resolution. With the NLB cluster client affinity set to
“single”, session state is maintained until convergence occurs.

6.

Using similar communication techniques as Step 3, NFuse contacts a
data collect
or to resolve the application name into an IP address.

7.

The MetaFrame XP data collector resolves the published application
into the IP address of the least busy server hosting the application and
returns a parsed template “.ica” file to NFuse; similar to St
ep 4.

8.

IIS sends the file to the web browser which passes the “.ica” file to the
Citrix ICA client.

9.

The ICA Client initiates a direct connection to the IP address via port
1494 (encrypted session stream).

Software Components

The following required software
components make up the entire solution to
provide load balancing and high availability through fault tolerance.

Windows 2000 Advanced Server

Microsoft Windows 2000 Advanced Server provides an extremely stable and
scalable platform for hosting the NFuse web

site.

Microsoft Internet Information Server 5.0

Microsoft IIS 5.0 provides a means for serving up the HTML and ASP
documents that the NFuse components communicate with.


VERSION 1.1

PAGE
3

10/31/2013

Network Load Balancing

Formerly known as the “Windows Load Balancing Service”, NLB pro
vides a
highly scalable mechanism for balancing HTTP requests at the network layer.

Note:

The Network Load Balancing option is not available on Windows 2000
Server.

Citrix NFuse

Citrix NFuse components are instantiated via IIS to provide connectivity to
se
rvers running MetaFrame XP.

Citrix MetaFrame XP 1.0 (optional)

MetaFrame XP 1.0 is installed on the same server to offer enumeration and
resolution of published applications.

Citrix Installation Manager 2.0 (optional)

Installation Manager 2.0 is added in c
ase you want to publish the CMC which
requires the plug
-
in to manage and schedule packages.

Citrix Resource Manager 2.0 (optional)

Resource Manager 2.0 can be set up to report critical farm
-
wide resource data
via MAPI, SMS, and SNMP.

Setup Instructions

Thi
s section includes a step
-
by
-
step process for installing and configuring the
above required software components. A basic understanding about the
installation and configuration of the software components is required.

Windows 2000 Advanced Server



Install Ter
minal Services (Remote Administration mode)



Install Internet Information Server



Make sure the local “Users” group has the “Log on Locally” right



Do not enter WINS addresses for the cluster Network Interface Cards



Register the virtual cluster and non
-
load
-
b
alanced NIC cards with DNS



Register the load
-
balanced NIC cards with an alternate name in DNS


VERSION 1.1

PAGE
4

10/31/2013

Internet Information Server



Accept default options for installing IIS (WWW Publishing Service) on
port 80 and HTTPS on 443.

Citrix NFuse Installation



Install NFus
e with the typical settings



Install current NFuse client files (optional)

Citrix MetaFrame XP 1.0 Installation (optional)



Install MetaFrame XP and accept default options.



Configure the XML service to run on port 8080 to prevent improper
load balancing of X
ML/HTTP traffic.



Ensure that each NLB cluster host is a data collector by creating a new
zone. This will make enumeration and resolution occur on the same
server.

Citrix Installation Manager 2.0 (optional)

Only the CMC plug
-
in is required. No special setup

required for redundancy.

Citrix Resource Manager 2.0 (optional)

Install with default settings.



Use the CMC to configure the primary cluster host as the “Farm Metric
Server”, and the second cluster host as the “Backup Farm Metric
Server”.



Also, configure e
ach cluster host as a MAPI connection server using
the CMC.

NOTE:
For SMTP functionality, you must install a MAPI compliant application
on each connection server with a valid e
-
mail profile. Please review the
Resource Manager 2.0 Administrator’s Guide for
more information.

NLB Cluster Design

Properties of Network Load Balancing

The most important component of the entire solution is the configuration of
Network Load Balancing properties. Incorrect configuration can cause the
NFuse portal to load balance the
wrong traffic to and from the cluster causing
session state to be lost.


VERSION 1.1

PAGE
5

10/31/2013

NOTE:
The architectural diagram above displays a hub in between the switch
and the primary NLB network interface to reduce port flooding on the Layer
-
2
switch, which may be shared by o
ther non
-
NLB hosts. For the purpose of this
implementation, we must disable the “MaskSourceMAC” feature so the uplink
switch knows of the virtual cluster MAC address.

By default, Network Load Balancing enables a feature called
“MaskSourceMAC” which masks t
he cluster’s virtual MAC address. This
facilitates two requirements:



The Layer
-
2 switching device must “see” unique MAC addresses from
each cluster host to operate properly.



The Layer
-
2 switching device never “knows” which port the virtual
MAC address exis
ts on, thus inducing “port flooding” so that each
cluster host responds to incoming virtual requests.

Cluster Parameters

The following diagram shows how the first host of the load
-
balanced cluster is
defined. You must define an IP address, Subnet mask, and

DNS name on both
hosts in the Cluster Parameters tab.



VERSION 1.1

PAGE
6

10/31/2013

Host Parameters

Each host will have a dedicated static IP address and Subnet mask defined in
the Host Parameters tab of the Network Load Balancing properties.

IMPORTANT:

Be

sure to specify the Priority (Unique host ID) for each cluster
host. If you have two or more hosts sharing the same ID, convergence will
not take place and those hosts will not load balance.


Port Rules

Set the port rules tab i
nformation to reflect the same settings in the image
below. Click Add/Remove/Modify buttons to configure the correct properties.

Client Affinity

Set client affinity to “single”. This will allow clients to continue using the same
IIS host until convergence
occurs.

Convergence

Membership of the cluster is maintained through the use of “heartbeats” and
convergence. When a host fails to respond to heartbeat messages within five

VERSION 1.1

PAGE
7

10/31/2013

seconds, it is deemed to have failed, and the remaining hosts in the cluster
perform

convergence.

NOTE:
Convergence generally takes less than 10 seconds, so interruption in
client service by the cluster is minimal.









“Project Columbia” (NFuse Portal)

Project Columbia is the code na
me for an amazing new web
-
based all
-
in
-
one
solution from Citrix that expands the ability to deliver any application over any
connection to any device.

The screen shots below show the single sign
-
on, configuration text file, and
multiple published applicati
ons from multiple farms. For a complete listing of
features consult the config.txt file included in the “Project Columbia” .zip file
at:

http://groups.yahoo.com/group/citrixnw/files



The above

picture shows the single sign
-
on to the portal, which interacts with
multiple farms of varying version levels and operating systems. This initial
page is load balanced for high availability.


VERSION 1.1

PAGE
2

10/31/2013

Once the user logs in, only the applications they have rights to

run are shown.
Program Neighborhood folders appear along with published applications.

If the user does not have the ICA Client installed, an optional “auto
-
install”
feature is used to install the ActiveX control.

If the client affinity setting in Windows
2000 NLB is set to “single”, the web
request will be directed to the same server used on the initial connection
(above). In case of a failed web server, the load is directed to an available
server within 10 seconds.



The config
.txt file is used to set the number of farms, backup XML listener
servers, and a flurry of options for client interaction.

The Project Columbia site also works well when connecting to external
MetaFrame servers behind a firewall using NAT. The
“NFuse_Inter
nalNetworks=” option allows you to set the internal network
address list for proper translation through a firewall.


VERSION 1.1

PAGE
3

10/31/2013

NOTE:
The config.txt file shown has been stripped of all detailed feature
listings for faster processing of information.

Command
-
Line tools

The primary tool used to query, set, and manage local or remote cluster/hosts
is called WLBS.EXE. The following command
-
line reference will assist you in
managing the local or remote cluster parameters.

NOTE:
To manage a cluster remotely you must enable R
emote Control in the
cluster parameters section of Network Load Balancing properties.

More Information

For more information about the specific technologies mentioned in this
document please visit:

Citrix MetaFrame XP/NFuse:
http://www.citrix.com/products/default.asp

Microsoft’s Network Load Balancing:
http://www.microsoft.com/windows2000/library/technologi
es/cluster/default.
asp

Author: Jason C. Shave (
jasonshave@hotmail.com
)