How to Stretch LAN to WAN


Technical pre-requisites:

1. Neverfail Heartbeat must be installed in an Active Directory Integrated DNS environment

2. Run SCOPE Professional for 24 hours to measure the actual & required bandwidth across the proposed WAN link.

3. Verify that at least one Domain Controller at the WAN site is configured as a Global Catalog

4. The Neverfail server must be a member of the domain

5. Verify that at least one DNS server is configured at the WAN site

6. Configure hardware routers appropriately, so that Public and Channel traffic is routable across your WAN. Ensure that the WAN link is operational and that there are NO networking issues. Neverfail recommends that Channel and Public IP addresses are in different subnets; if this is not possible you will have to implement static routes. You should:

  • Ping successfully
  • Have the IP addressing schema finalized (e.g. Public/Channel IP address of secondary server at WAN location).
  • Open any firewall ports as necessary (default Neverfail ports are 52267 and 57348).

LAN to WAN stretch process:

1. Add a Domain Admin account to Neverfail.

a. Log in to the Neverfail Heartbeat Management Client.

b. Click the Application button. Select the Configuration tab. Highlight “Neverfail Server”.

c. Click Add under the “User Account” section, and supply the Domain Admin account details. Click OK.

2. Using the Neverfail Management Console, shut down Neverfail Heartbeat but leave all protected applications running.

3. On the Secondary Server with Neverfail Heartbeat stopped, unplug both the Public Network and Heartbeat Channel network cable/s.

4. On the Secondary Server, change the Public IP address to the correct Public WAN IP address, default gateway, and subnet mask. The public IP should be set according to the local site IP schema. The preferred DNS server must point to a machine that is local to the Secondary Server WAN site. Uncheck ‘Register this connection’s address in DNS’ in the Network Card Properties.

5. On the Secondary Server, ensure that the Public NIC is listed first in “Network & Dial-up Connections”, “Advanced Settings”.

6. On the Secondary Server, change the Channel IP address to the correct Channel WAN IP address. Ensure NetBIOS is disabled. Uncheck ‘Register this connection’s address in DNS’ in the Network Card Properties.

7. On the Primary Server, change the Channel IP address to the correct Channel WAN IP address. Ensure NetBIOS is disabled. Uncheck ‘Register this connection’s address in DNS’ in the Network Card Properties.

8. On the Secondary Server, from the Neverfail System Tray Icon, run the Configure Server Wizard. Click on the Public tab and change the IP address to the Public WAN IP address. Click on the Channel tab and change the Primary and Secondary servers’ channel IP addresses to the corresponding Channel WAN IP addresses. Click Finish.

9. On the Primary Server, from the Neverfail System Tray Icon, run the Configure Server Wizard. Click on the Channel tab and change the Primary and Secondary servers’ channel IP addresses to the corresponding Channel WAN IP addresses. Click Finish.

10. On the Primary Server, open the Public network connection properties and uncheck ‘Register this connection’s address in DNS’. Click Close, then perform step 11 immediately; otherwise the client will not be able to connect to the Primary Server.

11. On all DNS servers, manually add a Host (A) record and a reverse pointer record for the Primary server address. Once done, confirm all clients are able to connect to the Primary Server.

12. On the Secondary Server, set the Neverfail R2 Server Service to Manual. Power down and relocate the Secondary Server to the WAN site.

13. On the Secondary Server, at the WAN site, connect Public and Channel network cables and power up Secondary Server.

14. On the Primary Server, confirm that the Channel NIC can ping the Secondary Server Channel address. If required (channel and public IP are in the same subnet) add a persistent route for the Secondary Server’s Channel connection. See Static Routes Implementation below for additional information.

15. On the Secondary Server, confirm that the Channel NIC can ping the Primary Server Channel address. If required (channel and public IP are in the same subnet) add a persistent route for the Primary Server’s Channel connection. Read the following information about static routes implementation:

When using Channel Network addresses which are within the clients’ live IP range, persistent routes must be added to both the Primary and Secondary servers. The persistent route ensures that any communication with the Channel network is in fact established via the physical Channel NICs.

  • Open Routing and Remote Access from Administrative Tools.
  • Select the server name, then go to the Action menu and select Configure and Enable Routing and Remote Access, which will launch the configuration wizard.
  • Choose Custom Configuration, LAN routing, and make sure the RRAS service was started.
  • Select the server again, navigate to IP Routing and select Static Routes.
  • From the Action menu choose to create a new static route.
  • Select the Channel interface, enter the destination channel IP followed by the mask 255.255.255.255 and the source machine gateway.

Test the channel routing using the “pathping -n Channel_IP” command to ensure that all the packets will be sent using the channel IP and not the public IP.

Neverfail recommends avoiding the interface ID when creating static routes using the “route” command. The interface ID cannot be relied on indefinitely, as it is a dynamic number that can increment each time a server is rebooted or a NIC is disabled and enabled, making the route useless. For a trouble-free WAN implementation please use RRAS for implementing static routes.

16. On the Secondary Server, set the Neverfail R2 Server Service back to Automatic. Using the Neverfail System Tray Icon, select Start Neverfail Heartbeat.

17. On the Primary Server, add the following at the top of the Start.bat script, using the example below. NFCMD is case sensitive. Important: The DNSUpdate command will ONLY work with DNS servers that are part of the Active Directory.

    Echo NFCMD doExecuteAsUser <domain admin name> <domain name> "DNSUpdate -p <primary public IP address> -s <secondary public IP address>" <protected application name> start

This command can be repeated in the scripts when there are additional pairs of IP addresses. It must also be a single-line command.

18. On the Primary Server, using the Neverfail System Tray Icon, select Start Neverfail Heartbeat.

19. Allow the initial synchronization process to complete. Ignore the warnings “Warning - Domain does not match the zone”. They will not influence the server functionality in any way.

20. On the Secondary Server, add the following at the top of the Start.bat script, using the example below. NFCMD is case sensitive. Important: The DNSUpdate command will ONLY work with DNS servers that are part of the Active Directory.

    Echo NFCMD doExecuteAsUser <domain admin name> <domain name> "DNSUpdate -p <primary public IP address> -s <secondary public IP address>" <protected application name> start

This command can be repeated in the scripts when there are additional pairs of IP addresses. It must also be a single-line command.

21. Follow the Mandatory Tests section in the latest Neverfail Heartbeat Acceptance Verification document, found in the document downloads section of the Neverfail Extranet.
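
The NIC settings and routing that steps 4 to 15 require can be checked from PowerShell on each server once the Secondary Server is at the WAN site. This is an added example, not part of the original article or Neverfail's tooling; it assumes Windows Server 2012 or later (NetAdapter, NetTCPIP and DnsClient cmdlets), and the connection names and peer address are placeholders.

```powershell
# Added example: post-stretch checks, run on each server of the pair.
# Assumes Windows Server 2012+ (NetAdapter, NetTCPIP, DnsClient modules).
# NIC names and the peer address are placeholders, not values from the article.
param(
    [string]$PublicNic     = 'Public',       # hypothetical connection name
    [string]$ChannelNic    = 'Channel',      # hypothetical connection name
    [string]$PeerChannelIP = '192.0.2.20',   # placeholder: other server's Channel WAN IP
    [int[]] $Ports         = @(52267, 57348) # default Neverfail ports named in the article
)

function New-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    [pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail }
}

# Steps 4, 6, 7, 10: "Register this connection's address in DNS" must be unchecked.
foreach ($nic in $PublicNic, $ChannelNic) {
    $dns = Get-DnsClient -InterfaceAlias $nic
    New-Check "DNS registration off ($nic)" (-not $dns.RegisterThisConnectionsAddress) `
              "RegisterThisConnectionsAddress=$($dns.RegisterThisConnectionsAddress)"
}

# Steps 6, 7: NetBIOS over TCP/IP disabled on the Channel NIC (2 = disabled).
$idx = (Get-NetAdapter -Name $ChannelNic).ifIndex
$cfg = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter "InterfaceIndex=$idx"
New-Check 'NetBIOS disabled (Channel)' ($cfg.TcpipNetbiosOptions -eq 2) `
          "TcpipNetbiosOptions=$($cfg.TcpipNetbiosOptions)"

# Steps 14, 15: traffic to the peer's Channel address must leave via the Channel NIC,
# which is what the pathping test in the article confirms by hand.
$src = Find-NetRoute -RemoteIPAddress $PeerChannelIP | Select-Object -First 1
New-Check 'Route to peer uses Channel NIC' ($src.InterfaceAlias -eq $ChannelNic) `
          "egress=$($src.InterfaceAlias) source=$($src.IPAddress)"

# Prerequisite 6: firewall ports open. Only meaningful while Heartbeat is running
# on the peer; which address each port listens on is an assumption to confirm locally.
foreach ($port in $Ports) {
    $t = Test-NetConnection -ComputerName $PeerChannelIP -Port $port -WarningAction SilentlyContinue
    New-Check "TCP $port reachable on $PeerChannelIP" $t.TcpTestSucceeded `
              "TcpTestSucceeded=$($t.TcpTestSucceeded)"
}
```

Any row with Pass = False points back to the step named in the comment above that check.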

 

 
