FTP HA windows cluster

Please refer to the following blog:

http://blog.brodaric.com/?p=149


More than once I had to setup“light” FTP server after the failover cluster has been deployed and additionalstorage for FTP was not planned. Also, additional servers for highly availableFTP were not an option. Microsoft has an article that describes how to configure highlyavailable FTP site in a Windows Server 2008 failover cluster. The problem with that solution is that it requires additional available storage for your FTP site, and simply said it’s a bit complicated. I’ll show you how toquickly setup highly available FTP server on existing Windows Server 2008failover cluster without FTP dedicated storage.

Please be careful that you don’t impact the performance of your database or any other clustered application by setting up high volume FTP server on existing shared disk. High volume FTP usually work with lot of files which can create a substantial loadon your storage.


Steps are:

  • Create domain user for FTP

  • Create FTP root folder, user root folder and assign     permissions

  • Setup FTP IP address

  • Create and configure FTP on each cluster node

  • Make FTP server highly available


Prerequisites:
Make sure that IIS 7.0 is installed on each cluster node.
If you are using Windows Server 2008, do not include the “FTP Server” role,instead download and install FTP 7.5 from one of the following locations:

  • Microsoft FTP Service 7.5 for IIS     7.0 (x86)

  • Microsoft FTP Service 7.5 for IIS     7.0 (x64)

If you are using Windows Server 2008R2 include the “FTP Server” role when installing IIS 7.0.


Create domain user for FTP:
In ADUC create user for FTP and assign them a least possible permissionson each cluster node.


Create FTP root folder, user root folder and assign permissions:
Make sure you are logged in to a cluster node that owns a cluster group with the storage where you will place your FTP root folder. Every FTP server needs aroot folder and in our case we will need a subfolder structure for isolating users. The FTP server’s engine logs in a user according to a username. For domain users home folder will be: %FTPRoot%\%UserDomain%\%UserName%

Example: We created a domain user [email protected] and full path to its FTP home folder will be %FTPRoot%\MYDOMAIN\ftpuser.

After creating folders, for each user’s folder set the following properties:

  • On Security tab under Advanced disable “Include     inheritable permissions from this object’s parent”.

  • Remove “Users” from “Group or user names” and add FTP     user with appropriate access rights (This way you will ensure FTP user     isolation).

wKioL1Zo6jSRvJcDAACHQ11qEiM013.png

 

Setup FTP IP address:
One of the things that makes your FTP server highly available is also the unique IP address regardless of which cluster node serves the clients. To create a unique IP for FTP server we have to create Client Access Point in a cluster group that owns a shared disk with FTP content. An access point is a name and associated IP address information that we will add as a resource to our cluster group. This IP address will “travel” with the cluster group and storage, making your FTP always accessible.

For more information about the Client Access Point, Please check:

Using Multiple Client Access Points (CAP) in a Windows Server 2008 (R2) Failover Cluster

http://blogs.technet.com/b/askcore/archive/2010/08/24/using-multiple-client-access-points-cap-in-a-windows-server-2008-r2-failover-cluster.aspx 

Understanding Access Points (Names and IP Addresses) in a Failover Cluster

https://technet.microsoft.com/en-us/library/cc732536.aspx 



Create and configure FTP on each cluster node:
Open IIS Manager and follow this few basic steps for creating new FTP site.

Right click on Sites, than Add FTPsite.

wKioL1Zo6kaCKfWfAABhoEZM9is793.png

Give your FTP site name and enter physical path �C it should point to FTP root folder previously created on shared drive.

wKiom1Zo6erCRsCvAAA8Y8wR_YE763.png

Binding and SSL settings:

wKiom1Zo6frBL618AACSvcSBPEs554.png

Under Authorization you can add multiple users (delimited with semicolon), or you can add them later. Each user will be logged to its own folder if you followed naming convention explained earlier.

wKioL1Zo6nvAFK3mAABhDIj4la4722.png


wKiom1Zo6hfihl4ZAADQs4roi5c293.png 

After creating FTP site on the first node you need to configure FTP on the other cluster nodes. Using Appcmd.exe allows you to create FTP on the other nodes without need to failover a group. You need to failover if want to create FTP from IIS Manager, since it won’t see the shared storage on the other nodes. Of course, for the proper testing you will need to failover group with FTP storage and monitoring script to other node.

To export the FTP site settings(change “TestFTP” to the name of your FTP) run from command prompt:
%windir%\system32\inetsrv\AppCmd.exe LIST SITE “TestFTP” /config /XML> TestFTP.xml

To import the settings on another node:
%windir%\system32\inetsrv\AppCmd.exe ADD SITE /IN < TestFTP.xml

Most of the things can be scripted,but if you have two node failover cluster creating some things manually is faster (application pool, SSL certificates, bindings etc.). Please check that all the settings on the other cluster nodes match the active node. This can bed one from IIS Manager once the FTP is created.


Make FTP server highly available:
The last step to configure highly available FTP site is to set up the genericscript resource that will be used to monitor the FTP service. Copythe following script to Windows\System32\inetsrv\Clusftp7.vbs and add it as generic resource script in Failover Cluster Management.


'Thisscript provides high availability for IIS FTP websites

'Thescript is applicable to:

'- Windows Server 2008: Microsoft FTP Service 7.5 for IIS 7.0 (available fordownload from microsoft.com)

'- Windows Server 2008 R2: FTP Service in the box

'Morethorough and application-specific health monitoring logic can be added to thescript if needed

 

OptionExplicit

'Helperscript functions

 

'Startthe FTP service on this node

FunctionStartFTPSVC()

 

 Dim objWmiProvider

 Dim objService

 Dim strServiceState

 Dim response

 

 'Check to see if the service is running

 set objWmiProvider =GetObject("winmgmts:/root/cimv2")

 set objService =objWmiProvider.get("win32_service='ftpsvc'")

 strServiceState = objService.state

 

 If ucase(strServiceState) ="RUNNING" Then

 StartFTPSVC = True

 Else

 'If the service is not running, try to startit

 response = objService.StartService()

 

 'response = 0 or 10 indicates that the requestto start was accepted

 If ( response <> 0 ) and ( response<> 10 ) Then

 StartFTPSVC = False

 Else

 StartFTPSVC = True

 End If

 End If

 

EndFunction

 

'Clusterresource entry points. More details here:

'http://msdn.microsoft.com/en-us/library/aa372846(VS.85).aspx

 

'Clusterresource Online entry point

'Makesure the FTP service is started

FunctionOnline( )

 

 Dim bOnline

 'Make sure FTP service is started

 bOnline = StartFTPSVC()

 

 If bOnline <> True Then

 Resource.LogInformation "The resourcefailed to come online because ftpsvc could not be started."

 Online = False

 Exit Function

 End If

 

 Online = true

 

EndFunction

 

 

'Clusterresource offline entry point

'Onoffline, do nothing.

FunctionOffline( )

 

 Offline = true

 

EndFunction

 

 

'Clusterresource LooksAlive entry point

'Checkfor the state of the FTP service

FunctionLooksAlive( )

 

 Dim objWmiProvider

 Dim objService

 Dim strServiceState

 

 set objWmiProvider =GetObject("winmgmts:/root/cimv2")

 set objService =objWmiProvider.get("win32_service='ftpsvc'")

 strServiceState = objService.state

 

 if ucase(strServiceState) ="RUNNING" Then

 LooksAlive = True

 Else

 LooksAlive = False

 End If

 

EndFunction

 

 

'Clusterresource IsAlive entry point

'Dothe same health checks as LooksAlive

'Ifa more thorough than what we do in LooksAlive is required, this should beperformed here

FunctionIsAlive()

 

 IsAlive = LooksAlive

 

EndFunction

 

 

'Clusterresource Open entry point

FunctionOpen()

 

 Open = true

 

EndFunction

 

 

'Clusterresource Close entry point

FunctionClose()

 

 Close = true

 

EndFunction

 

 

'Clusterresource Terminate entry point

FunctionTerminate()

 

 Terminate = true

 

EndFunction

-------------------------------------------

for specific information for how to create the generic resource script in Failover Cluster Management,plese check:

How to configure IIS Web Site and Application Pool in Microsoft Failover Cluster

https://zahidhaseeb.wordpress.com/2014/02/12/how-to-configure-iis-web-site-and-application-pool-in-microsoft-failover-cluster/ 


If you have any questions, please feel free to correct me


Thanks Ljubo Brodaric,,

你可能感兴趣的:(windows,cluster,ftp,application,IIS,pool)