UAG and geographical HA and NLB?

All replies

  • What is the difference in latency between the two sites?

    User from LA accessing NY resources and other way around?

    Monday, July 8, 2013 10:25
  • Will have to find that out - what would be the cutoff point for this to work?
    Monday, July 8, 2013 12:16
  • Hi,

    Is it possible to have a UAG array (HA and NLB) across 2 physical locations? (e.g. 1 array between New York & LA)?

    Thank you

    Yes, it is possible, but not with the built-in UAG clustering component, as all servers need to reside on the same subnet for it to work. Because of this limitation, we designed a UAG add-on software product that provides HA, NLB, and geographic intelligent routing to UAG regardless of where in the world they're located. Our solution is software based and runs directly on the UAG array master, with small agents on the members.

    The geographic routing is quite interesting, as our application retains a database containing all the regional IP information around the world and can send users to the most geographically appropriate UAG. This is important because latency-based routing isn't reliable any longer, as most DNS servers will no longer allow external queries. So, for your example, you can set up geographic regions where everyone east of the Mississippi River goes to your NY UAG and everyone west goes to your LA UAG. You can even assign specific cities in states to a particular POP. Our largest customer using this technology has 5 geographic sites with 70,000 users.

    If you would like more information, just fill out the form and reference this TechNet posting:

    http://www.portsys.com/index.php/contact-us

    Monday, July 8, 2013 14:02
  • Will have to find that out - what would be the cutoff point for this to work?

    Consider what performance your users are willing to accept; that will be the lowest. It depends on what you're hosting behind the UAGs, if it is acceptable or not. In other words, even though it might be technically possible, it might not be the right solution.

    I will do some lab on the technical side of this during the next days.

    Monday, July 8, 2013 20:02
  • Thank you Keith - will take a look at the product you've recommended
    Monday, July 8, 2013 23:37
  • No problem, I hear what you are saying - and unfortunately at this stage we are still collecting all the requirements - and mine was just a generic question.

    Thank you

    Monday, July 8, 2013 23:38
  • Alright, 

    So far no problems in creating a UAG array over two networks, with a routing gateway between.

    UAG 1: IP: 10.0.10.10 Subnet: 255.255.255.0 GW: 10.0.10.1

    UAG 2: IP: 10.0.20.20 Subnet: 255.255.255.0 GW: 10.0.20.1

    DC: IP: 10.0.10.100 Subnet: 255.255.255.0 GW: 10.0.10.1

    GW: IP: 10.0.10.1, 10.0.20.1, DHCP Subnet: 255.255.255.0 

    Now I need to test the functionality with some web servers also. I will let you know how it goes :)

    Friday, July 12, 2013 07:19
  • If you want to create a real UAG array, the servers must reside in the same subnets, internal AND external. Microsoft will not support it otherwise. I know some companies have gotten away with stretched VLANs to have the same subnet IPs available in two different datacenters, but the last time I checked this is also not supported because the latency between can cause all kinds of issues.

    Keith, is your solution just for UAG portal connections? Or does it help distribute DirectAccess connections as well? Just curious.

    Monday, July 15, 2013 15:32
  • Hi Jordan,

    It's for both DirectAccess and UAG Portal Trunks. It took a long time to figure out the ISATAP stuff to get it working right, but it works quite well.

    Monday, July 15, 2013 15:39

  • @Jordan
    The only thing I agree on in your sentence is that latency will be the cause of your problems if you try to create an array over multiple networks. But that is no different from any other cluster technology. The cluster needs to be able to communicate reliably between all nodes. What is defined as reliable depends on the cluster technology.

    As far as I read the supported scenarios for UAG, it's fully supported to create an array over multiple subnets, as long as you're not using the underlying TMG as the routing device/gateway.

    UAG - Support boundaries
    http://technet.microsoft.com/en-us/library/ee522953.aspx

    However, this is mostly theoretically possible only, nevertheless possible :)
    I just don't like the statement saying it's not possible. When in fact it is possible. (I don't know the exact round-trip latency requirement for a UAG array, but just to compare, the maximum round-trip latency for a Windows Cluster across networks is 500ms.)

    Windows clustering and geographically separate sites
    http://support.microsoft.com/kb/280743/da

    Tuesday, July 16, 2013 08:32
  • I didn't say that it was not possible to do a stretched VLAN, only that it's generally not supported. This is information straight from the mouths of folks on the UAG support team. If you configure an array over a stretched VLAN and there are any kind of communication problems for which you want to open a ticket, you are likely to be asked to reconfigure your environment.

    With a stretched VLAN we are still "sort of" talking about the same subnet. What you state about being able to do it on different subnets is defined in the documentation as not being supported:

    All Forefront UAG servers that you want to join to an array must belong to the same subnet. - from http://technet.microsoft.com/en-us/library/dd857258.aspx

    Tuesday, July 16, 2013 13:04
  • Jordan & Jesper:

    I think you are both correct.

    Microsoft will only support an 8 server cluster (UAG/TMG clustering component) that all reside locally on the same physical subnet. Stretched VLANs for the purpose of extending a subnet to create a UAG cluster are not supported, as networking variables unrelated to the UAG product are introduced.

    Using an external solution like the one I proposed earlier, or a hardware based load balancer solution (like Big IP) does not invalidate Microsoft support terms. However, it doesn't mean Microsoft will give you technical assistance with it, but it won't be an out of support scope configuration. And to be honest, you're going to want support from the Load Balancer/Failover vendor anyway.

    The only effective way to put UAG boxes across the globe in different geographic regions and provide failover, geographic intelligent routing, and load balancing is by going with a 3rd party solution.

    Tuesday, July 16, 2013 13:45
  • He he, if it wasn't for the link in the email, I don't think I would have been able to find this thread again in the new forum layout.

    Thank you for all your efforts and comments on this topic!

    Wednesday, July 17, 2013 02:49
  • Nice to hear others doing the same thing as me... I am trying to implement a solution using UAG array and GSS across the world (Middle East, Europe, Asia and US); however, I get very odd issues when trying to sync (TMG shows synced on some, UAG array member does not show synced, UAG manager shows member is synced) :(

    I bet this is why MS does not support it. Hopefully I can get a few questions answered here:

    1. What is the bandwidth requirement for the array; what and how much data is sent between array members?

    2. I did a netmon capture and saw dsadmin.exe connections every sec -- is this the array connection?

    3. When I ping the array member it returns a 220ms response; is this OK for the array?

    Thanks

    Wednesday, July 24, 2013 15:12
  • @Z_Cory

    1: First off, there are no requirements defined, as this is not supported at all. Meaning that if you ask anyone that does this for a living, it won't happen.

    2: Probably easier to find out which port dsadmin.exe uses in order to identify the application. Also, source and destination IP might be useful.

    3: For default settings, yes, it's way too high. I'm pretty sure that it does not tolerate more than max 30ms or so between array members, with default settings. You might begin tweaking settings for packet sizes, maximum wait, etc.; however, that is entirely on your own.

    Bottom line: as this might be theoretically possible with the current UAG application, I would definitely not go down that road, based on all the input in this thread.

    • Proposed as answer by Z_Cory Monday, August 19, 2013 15:26
    • Marked as answer by D Wind Wednesday, September 25, 2013 03:45
    Thursday, July 25, 2013 11:44
  • Thanks, I convinced my boss it was a bad idea; I had several problems just doing a test.

    I am new to UAG and might be living in a dream world, but has anyone had success setting up multi-redundant arrays? I want to be able to reboot or activate without my users knowing. I understand it will boot the current users and that's OK.

    I was hoping there was a script or tool out there that copied array settings from each array. I can use the import and export, but this screws up the IP address associated with the trunks.

    Thoughts?

    Tuesday, August 6, 2013 17:39
  • Hiya, 

    When you set up an array, you only work from the array manager. UAG ensures that the configuration is aligned on each array member.

    You can keep track of this configuration synchronization from within the TMG manager.

    Wednesday, August 7, 2013 05:58
  • Also, UAG doesn't disconnect your users when you Activate; it is a smooth transition. If you have a UAG NLB array (same subnet) doing the active/active load balancing, you are able to reboot the nodes one at a time and users will still connect to the online nodes. It will disconnect their session and they will have to re-authenticate so that UAG can pick up the new cookie to the new session ID. You can go a step further if you are doing planned maintenance and you can do NLB drain-stops on the nodes that you want to reboot, to make sure all user sessions have drained naturally before you reboot them.
    Tuesday, October 1, 2013 13:05