UAG Array and Network Load Balancing
One of the major new features in this UAG release is ‘array’. An UAG array is a set of machines that share the same configuration (trunks, applications, etc.) and is managed as a unit. It maps to our ‘Enterprise Readiness’ pillar, and provides the following benefits:
- Increased Availability
- Increased Scale
- Management as a unit
Increased availability and scale are achieved by load-balancing incoming traffic among several UAG machines – that increases both the overall capacity of the deployed system, and in case one UAG machine is down – the backend app is still available via other UAG machines. Before this release that was only possible with an external SSL load-balancer. In this release, we’ve integrated with Windows NLB (Network Load Balancing) to provide an out-of-box solution at no extra cost.
Obviously, when working with multiple machines for publishing the same applications and in the same manner, it would be a huge burden for the administrator to configure each machine separately. Fortunately, UAG abstracts that in a nice way: the admin would only need to make the configuration change from one of the machines, and the change would be automatically propagated to all array members. This is accomplished by having one of the array members (usually the first one) defined as the “manager”, which holds the authoritative copy of the configuration; changes to the configuration (from any machine) are updated there first, then propagated to other members. BTW, the array manager does not need to be a dedicated machine. There’s no extra load on the array manager.
Example Array
How does one get started with an array? It’s simple: you install UAG on one machine (that would be your Array Manager), then install UAG on another UAG machine and ‘join’ that machine to the Array Manager machine via the Array Management wizard. Before you join the machine to the array, you need to open connectivity from the member to the manager machine – you do that by launching the TMG console on the array manager machine and adding the second machine to the “Managed Server Computers” computer set:
Opening Connectivity to the Array Manager
Array Management Wizard
After joining the second machine to the array and performing activation you have a 2-nodes array up and running. You can start creating trunks and publishing applications; you can also join a node after you create trunks and publish applications – that node would inherit the configuration from the array manager. You should note that when joining a node to an array, the local configuration of the node will be wiped…
In order to enable NLB on your array you would need to create a Virtual IP Address, also known as a “VIP”, first. The VIP is an IP address that is shared by each node of the array. Traffic destined for a trunk that is associated with that IP address arrives at each of the nodes, but is picked by only one of them (this filtering is performed by NLB itself, way low at the network stack), thus effectively load-balancing the traffic between the nodes. You define a VIP from the Network Load Balancing dialog:
Network Load Balancing UI
Once you have a VIP defined, you can associate a trunk with that VIP.
UAG also has an interface for showing status of and performing operations on array members. For example, before taking a machine down for maintenance you can “drain” that machine, which means that new sessions are not going to be routed to that machine. When the current sessions on that machine terminate, you can safely take the machine down without disrupting active users. Those operations can be performed from the NLB section of the Web Monitor.
We have a lot more planned for the array. We see it as an important feature for our enterprise customers and we’re planning on investing much more in it. We’d love to hear your feedback on it!
Cheers,
Asaf Kariv | Lead Program Manager | Microsoft Unified Access Gateway
