Tuesday, April 19, 2016

NetScaler VPX - load balance Exchange - Part 5 (monitors)

The NetScaler VPX has numerous built-in "monitors" that check the state of the servers for which we are load balancing.

For example, there is a "ping-default" monitor and a "tcp-default" monitor (among many others not shown in the screenshot below):

If we highlight a monitor and select the Action "Show Bindings", we can see the services to which the monitor is bound:

By default (unless we designate another monitor), the RPC services use the "ping-default" monitor to check the status of the Exchange servers:

On the other hand, the OWA services use "tcp-default".

Note: this is shown in a screenshot below.

If we examine the properties of a service (or service group) we can also determine the monitor that is being used from this perspective:

These default monitors check the availability of a server: if the server does not respond to a ping (for example), the load balancer will not send packets (in the broadest use of this term) to the server that appears to be unavailable. However, it is possible that the server is available (functional) but the actual services are stopped. Therefore, we can optionally configure a monitor if we want to fine-tune the awareness of service availability).

Note: in the paragraph above, the word service refers to the Windows services running on the server (or the Unix/Linux equivalent) as opposed to the "services" (or "service groups") that we create on the NetScaler. 

The NetScaler VPX has a number of pre-configured monitors capable of checking the status of a particular service. For OWA (SSL) we have the following possibilities:
  • http
  • https
  • http-ecv
  • https-ecv

Note: we can also create custom monitors.

With http, the NetScaler sends a http request ("GET" for example) to the target server and waits for a http status code in response ("200" for example).

In the properties of the http monitor, the property for "Secure" is unchecked:

This seems to be incompatible with a target server requiring SSL connections, which would be the case if we use SSL pass-through or a SSL Bridge.

When I tested this for OWA, I obtained the following result:

However, if I use the "https" monitor (with "Secure" checked in the monitor properties), I obtain this result:

As for the other options (with the ecv suffix), they request a particular html page (for example) from the target server and search for a particular message in the response. In other words, the request contains a particular string and the response must contain a particular string as well.


But how do we select another monitor?

We go to the "Monitors" section of the service properties (highlight the service and click on Edit) and then click on "Service Load Balancing Monitor Binding" where we click on "Add Binding":

"Click to select" a new monitor:

Select a new monitor (for this example, where we are using OWA, I will select https):

Note: yes, click on "Select" once you have made your selection.

When we return to the "Load Balancing Monitor Binding" screen, "https" should have replaced the previous selection and we click on "Bind":

Back on the service properties page, click on "Done" at the bottom of the page (you may have to scroll).

Lastly, be sure to click the floppy icon in the upper right hand corner to save the configuration!


Now the "OWA" services on each of the two Exchange servers use the "https" monitor rather than the default "tcp-default" monitor:

1 comment:

  1. Thanks for sharing the info, keep up the good work going.... I really enjoyed exploring your site. good resource...best modem router combo