Re: SSL on NLB
- From: "Brian Desmond [MVP]" <brian@xxxxxxxxxxxxxxxx>
- Date: Fri, 21 Jul 2006 21:26:32 -0500
You need to assign three different public IPs on the firewall...
--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services
www.briandesmond.com
"Jose" <jose_soto@xxxxxxxxxxx> wrote in message
news:1153151907.800934.96070@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thanks Brian,
I wish I could forward you the diagram so that I don't have to bother
you so much.
So both front ends have the identical configuration, including the
same binding for the IPs. Now if I add 2 more VIPs to the cluster NIC,
then are you suggesting that I should keep the cluster group that I
have, not have 3 clusters in NLB? How can I NAT then in the firewall?
Brian Desmond [MVP] wrote:
Yes.
Each webmail.blah.com should bind to a different VIP. Just add the VIPs to
the cluster NIC. I have a webfarm with three dozen + NLB VIPs on one NIC.
To be technically correct, NLB doesn't have a dedicated heartbeat NIC. That
second NIC with one IP is your management NIC.
--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services
www.briandesmond.com
"Jose" <jose_soto@xxxxxxxxxxx> wrote in message
news:1153101821.903269.48650@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Brian, thanks for the suggestion. One more question; I guess it is
related to the binding part. I guess this is done on IIS for that
specific website, for instance webmail.urbandecay.com should be bound to
the VIP. Also, the 2 FEs each have two NIC cards, one for the NLB and
another one for the heartbeat. Can I just add more internal IPs to the
same NIC that we are using? Thanks in advance.
Brian Desmond [MVP] wrote:
This is correct.
You need a separate IP address for each SSL site.
You should add the two additional VIPs to the NLB cluster and then bind
each site to one of the VIPs. You can then do NAT on the firewall and map
an external IP to each internal IP.
--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services
www.briandesmond.com
"Jose" <jose_soto@xxxxxxxxxxx> wrote in message
news:1152910156.840524.25900@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
We have 2 Front End servers being load balanced (Microsoft Network Load
Balance) and they share a Virtual IP. We have 3 URLs pointing to the
same public IP, which is 12.42.135.197
(webmail.urbandecay.com, webmail.dfahome.com, webmail.hardcandy.com),
but they all log in to the same AD domain, and according to VeriSign and
Thawte we need 3 public IPs to achieve SSL because these certificates
only work with FQDN domains, not IPs. We only have one website on IIS
on both FEs. Now I believe we need 3 websites on both servers with
internal IPs and then assign these IPs to 2 more Virtual IPs and
maybe bind it on the NIC of each server. Then do 1:1 NAT on the
firewall, but I don't know if I am missing something.
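
Added example, not part of the original thread or written by its participants: a small Python check of the layout the thread arrives at (one VIP per SSL site, identical bindings on both front ends, one external IP mapped to each VIP). The function name `check_plan`, the hostnames and all addresses are constructed for illustration.

```python
from collections import defaultdict

def check_plan(node_bindings, cluster_vips, nat):
    """Return a list of problems; an empty list means the plan is consistent.

    node_bindings: {node: {hostname: (ip, port)}}  SSL bindings per front end
    cluster_vips:  set of VIPs added to the NLB cluster NIC
    nat:           {public_ip: internal_ip}        firewall 1:1 NAT table
    """
    problems = []
    nodes = sorted(node_bindings)
    # Every front end must carry the identical site-to-VIP bindings.
    for node in nodes[1:]:
        if node_bindings[node] != node_bindings[nodes[0]]:
            problems.append(f"{node}: bindings differ from {nodes[0]}")
    for node in nodes:
        by_endpoint = defaultdict(list)
        for host, endpoint in node_bindings[node].items():
            by_endpoint[endpoint].append(host)
        for (ip, port), hosts in sorted(by_endpoint.items()):
            # The thread's rule: a separate IP address for each SSL site.
            if len(hosts) > 1:
                problems.append(f"{node}: {ip}:{port} shared by {', '.join(sorted(hosts))}")
            if ip not in cluster_vips:
                problems.append(f"{node}: {ip} is not an NLB cluster VIP")
    # Each VIP needs exactly one external address mapped to it.
    publics = defaultdict(list)
    for public, internal in nat.items():
        publics[internal].append(public)
    for vip in sorted(cluster_vips):
        if len(publics[vip]) != 1:
            problems.append(f"{vip}: expected 1 NAT mapping, found {len(publics[vip])}")
    return problems

# Constructed sample data (documentation and private address ranges).
VIPS = {"10.0.0.11", "10.0.0.12", "10.0.0.13"}
HOSTS = ["webmail.a.example", "webmail.b.example", "webmail.c.example"]
GOOD = {host: (ip, 443) for host, ip in zip(HOSTS, sorted(VIPS))}
NAT = {"203.0.113.11": "10.0.0.11", "203.0.113.12": "10.0.0.12",
       "203.0.113.13": "10.0.0.13"}
# The starting point in the thread: three names on one shared address.
SHARED = {host: ("10.0.0.11", 443) for host in HOSTS}
ONE_VIP, ONE_NAT = {"10.0.0.11"}, {"203.0.113.11": "10.0.0.11"}

if __name__ == "__main__":
    print(check_plan({"FE1": GOOD, "FE2": GOOD}, VIPS, NAT))
    for problem in check_plan({"FE1": SHARED, "FE2": SHARED}, ONE_VIP, ONE_NAT):
        print(problem)
```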