Network Layouts

This chapter discusses the configuration of your network. It describes the hardware you will need for an effective traffic-managed server farm, and the DNS and IP address layout.

Essentials of Network Configuration

The components of a basic traffic-managed server farm are:

•One or more front-end machines running the Virtual Traffic Manager software

•A number of back-end servers (such as web or mail servers)

The front-end machines must be able to receive traffic from the Internet (or where the remote clients are located). They must also be able to contact the back-end machines.

The back-end servers will usually be visible only from an internal network. The front-end machines do not need to route traffic between the Internet and the back-end machines.

The Virtual Traffic Manager software is commonly deployed on a multi-homed machine. One network interface card is visible to the Internet; one or more network interface cards are exposed to the internal private networks where the back-end servers reside. It is also easy to configure a Virtual Traffic Manager on a machine with a single network card (this is common in an evaluation or testing environment), where a Virtual Traffic Manager can contact both the clients and the servers.

A fully fault-tolerant set-up will contain two or more front ends and several back-end servers. If any one machine fails, the Virtual Traffic Manager’s failover capability ensures that requests are routed to other machines, ensuring there is no single point of failure in the system.

Some product versions are restricted to just a cluster size of two Virtual Traffic Manager machines. Larger cluster sizes can be used with a software key upgrade.

If hardware availability is limited, fewer servers can be used. In the minimal case, it is possible to install the traffic management software and an Internet service on the same machine. This is not recommended, as it reduces the usefulness of the product and the ability to provide fault tolerance in the event of a hardware failure. It may, however, be useful for evaluation or demonstration purposes.

The Virtual Traffic Manager can be used in conjunction with a stand-alone firewall. In this scenario, your Virtual Traffic Managers should be visible from both the Internet and your internal network. Ivanti recommends you place your Virtual Traffic Managers in the applicable DMZ.

System Security discusses the security aspects of network setup in more detail. Ivanti advises you to read that chapter before setting up live services.