Monday, September 17, 2012

About Quorum in Windows Server 2008

We Highly Recommend the New Quorum Models in Windows 2008

Microsoft Cluster Services has been completely redesigned in Windows 2008.  Windows 2008 offers New Quorum Models that are much superior to the Quorum Models in Windows 2003.

1.        What is Quorum and why is it so important?

Quorum is extremely important for any high availability solution, particularly so when the cluster nodes are in different data centers.  Consider a cluster whose nodes are several office blocks apart.  If the network between the two data centers were to fail and isolate or "partition" the cluster nodes, a cluster "split" can occur.  If the node in each data center were to believe that it should run, the cluster has "split brain syndrome" - meaning the highly available single SAP system has split into two systems.  In the worst case scenario users would log into each of the two "split" systems and start entering data.

To avoid split brain syndrome most cluster implementations use some form of voting in order to "elect" by majority an "owner" of a cluster service (such as SAP, SQL or any other service).  The concept is similar to a parliament, house or committee.  If there are too few members present (fewer than (n/2) + 1 nodes) then the committee does not have a quorum (the required minimum number of votes) and cannot hold an election.  Also, in cases where there are only two cluster nodes, a "tie breaker" vote can be cast by a Witness or arbitrator.

2.        What happens if a cluster loses Quorum?

Many customers & partners are surprised to learn that if a healthy running cluster loses Quorum, Microsoft Cluster Services is deliberately designed to stop the cluster services (meaning SAP and SQL will be shut down).  The reason for this relates to topic #1 above.  The cluster software must protect against a "split brain" and this can only be guaranteed if (n/2) + 1 nodes are available and cast a "vote".

Therefore it is critical to ensure that Quorum is always maintained or the cluster service will be stopped.  Majority Node Set clusters can be forced to start manually - see ForceQuorum.

3.        Which Quorum Models are Available in Windows 2003?

The most commonly deployed Quorum Model is the Shared Disk Quorum Model.  This is very often the "Q: Drive" on Windows 2003 clusters (though there is no requirement for "Q:").  This Quorum Model uses SCSI RESERVE commands to establish possession of a shared Quorum disk.

The biggest drawback with having a single disk as the Quorum Model is that the disk is in and of itself, a Single Point of Failure (SPOF).  The design premise of the HA solution is to eliminate all SPOF in an infrastructure.  For this reason Microsoft released an enhancement in Service Pack 1 of Windows 2003 to support Majority Node Set with a File Share Witness.  This Quorum Model does not require a "Q: Drive" and the Quorum state is replicated into the %SystemRoot%\Cluster directory of each node.  This Quorum Model is highly recommended for mission critical clusters or geographically dispersed clusters.

4.        Which Quorum Models are Available in Windows 2008 or higher?

Windows 2008 and higher offers these Quorum Models.

The Quorum models are discussed in detail here.

  1. Node Majority quorum mode - this model requires an odd number of nodes. Uncommon for SAP systems.
  2. Node and Disk Majority quorum mode - this is a combination of Node and Quorum disk. This Quorum Model can be used for clusters where the nodes are all in one data center.
  3. Node and File Share Majority quorum mode - Common for SAP systems and can also be used for Geographically Dispersed Clusters.
  4. No Majority: Disk Only quorum mode - Traditional Windows 2003 Quorum Disk Model. We recommend discontinuing use of this Model.
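The vote arithmetic behind topics 1, 2 and 4 above, as an added example that is not from the original post: a small Python model of the (n/2) + 1 rule with one vote per node and one vote for a disk or file share witness (an assumption in the code, matching how the post describes the majority models), run over a few constructed partition scenarios. It shows why a two-node Node Majority cluster stops on both sides when the link between data centers is cut, why adding a File Share Witness lets exactly one side keep running, and why the Disk Only model hands quorum to whichever side holds the disk regardless of node count.

```python
from typing import Optional, Tuple

# Quorum models available in Windows 2008 failover clustering, as listed in the post.
NODE_MAJORITY = "Node Majority"
NODE_AND_DISK_MAJORITY = "Node and Disk Majority"
NODE_AND_FILE_SHARE_MAJORITY = "Node and File Share Majority"
DISK_ONLY = "No Majority: Disk Only"

# Models in which a witness (shared disk or file share) contributes one vote.
WITNESS_MODELS = (NODE_AND_DISK_MAJORITY, NODE_AND_FILE_SHARE_MAJORITY)


def votes_required(total_votes: int) -> int:
    """The post's majority rule: at least (n/2) + 1 votes, i.e. more than half."""
    return total_votes // 2 + 1


def partition_has_quorum(model: str, total_nodes: int, reachable_nodes: int,
                         witness_reachable: bool) -> bool:
    """Decide whether one side of a network partition keeps quorum.

    Assumed vote model: one vote per configured node, plus one vote for the
    witness in the Node and Disk / Node and File Share Majority models.
    """
    if model == DISK_ONLY:
        # Legacy Windows 2003-style model: whichever side holds the quorum disk
        # has quorum, however few nodes it has. The disk is the single point of failure.
        return reachable_nodes >= 1 and witness_reachable

    witness_votes = 1 if model in WITNESS_MODELS else 0
    total_votes = total_nodes + witness_votes
    votes_on_this_side = reachable_nodes + (1 if witness_votes and witness_reachable else 0)
    return votes_on_this_side >= votes_required(total_votes)


def partition_outcome(model: str, total_nodes: int, side_a_nodes: int,
                      witness_side: Optional[str]) -> Tuple[bool, bool]:
    """Two-way split: return (side A keeps quorum, side B keeps quorum).

    witness_side is "a", "b" or None (witness unreachable from both sides).
    """
    side_b_nodes = total_nodes - side_a_nodes
    a_keeps = partition_has_quorum(model, total_nodes, side_a_nodes, witness_side == "a")
    b_keeps = partition_has_quorum(model, total_nodes, side_b_nodes, witness_side == "b")
    return a_keeps, b_keeps


def split_brain_possible(model: str, total_nodes: int, side_a_nodes: int,
                         witness_side: Optional[str]) -> bool:
    """True only if both sides could run the clustered service at once."""
    a_keeps, b_keeps = partition_outcome(model, total_nodes, side_a_nodes, witness_side)
    return a_keeps and b_keeps


# Constructed scenarios: (description, model, total nodes, nodes on side A, witness side)
SCENARIOS = [
    ("2-node stretch cluster, inter-site link cut", NODE_MAJORITY, 2, 1, None),
    ("2-node stretch cluster + file share in a third site", NODE_AND_FILE_SHARE_MAJORITY, 2, 1, "a"),
    ("4-node stretch cluster split 2/2", NODE_MAJORITY, 4, 2, None),
    ("4-node stretch cluster split 2/2 + file share", NODE_AND_FILE_SHARE_MAJORITY, 4, 2, "a"),
    ("4-node cluster, disk only, 1 node holds the disk", DISK_ONLY, 4, 1, "a"),
]


def main() -> None:
    for desc, model, nodes, a_nodes, witness in SCENARIOS:
        a_keeps, b_keeps = partition_outcome(model, nodes, a_nodes, witness)
        verdict = "both sides stop" if not (a_keeps or b_keeps) else (
            "side A runs" if a_keeps else "side B runs")
        print(f"{desc:55} [{model}] -> {verdict}")
        # The guarantee the post describes: a majority model never lets both sides run.
        assert not split_brain_possible(model, nodes, a_nodes, witness)


if __name__ == "__main__":
    main()
```

Running the script prints one line per scenario; the first and third scenarios are the case from topic 2, where a healthy cluster loses quorum on both sides and the cluster service is stopped everywhere.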

In addition to the above there are configurations using Node Majority where the cluster is stretched across two datacenters.  These "stretch clusters" are called Geoclusters.  Please contact Microsoft if you are planning to implement a Geocluster for SAP.  Also please note that although Windows 2008 supports cluster nodes on different IP Subnets, SAP does not.  Therefore it is still mandatory to span a VLAN across multiple data centers.  Technically the SAP application server cannot handle the Message Server changing its IP address suddenly.  Today we have many customers running SAP on SQL Server with a Geocluster.  An example is Queensland Railways.

5.        Which Quorum Model is recommended for SAP Systems?

Each customer environment is different, however in general we would encourage customers to evaluate Node and File Share Majority or Node and Disk Majority on Windows 2008 or higher.  Further information can be found in the section "Choosing the quorum mode for a particular cluster".

6.        Does SAP Support the new Quorum Models?

Yes, in fact SAP supports the Majority Node Set and File Share Witness even for Windows 2003.  Today some of our largest customers are running this Quorum Model on Windows 2003 or Windows 2008.  Quanta in Taiwan is using a Majority Node Set and File Share Witness Quorum Model.

In the back pages of the SAP Windows SQL Installation Guide there are sections dealing with MSCS clustering.  Majority Node configuration is discussed in this SAP document.

7.        What are Multi-SID SAP Clusters?

SAP supports installing multiple SAP systems onto a single set of servers in a cluster.  As SAP benchmarks show, Intel servers are becoming extremely powerful (a single 4-CPU Intel server supports over 57,000 SAPS and 10,000 users), so it no longer makes sense to create separate Active/Passive clusters for each SAP component (such as ECC, BW, EP etc.).

The Best Practices for installing a Multi-SID SAP cluster will be the topic of a Blog coming soon.  We will also provide some examples of successful Multi-SID customer deployments.  The SAP Installation Guide for Multi-SID Clusters is available for download.

8.        What are some of the other changes in Windows 2008 Clustering?

Windows 2008 clustering has changed so dramatically from Windows 2003 that a direct upgrade is not possible.  There are some options discussed in this blog, however for SAP systems the only supported procedure is a SAP Homogeneous System Copy (this involves a complete reinstallation of the operating system and database).  This is very simple and quick for SAP on SQL Server.   Refer to the SAP System Copy Guide and the notes listed in section 3 of this blog.

Other changes include a redesigned cluster admin tool, cluster validation tool and an increase of the maximum number of nodes in a single cluster from 8 to 16.  Today many SAP customers are deploying 3-4 node Multi-SID clusters.

9.        List of some important Notes, KB articles and Documents for Clustering

Below is a list of interesting links:

Highly recommended is this blog: http://blogs.msdn.com/b/clustering/

http://blogs.msdn.com/b/clustering/archive/2008/05/10/8483427.aspx

This webcast is strongly recommended for those evaluating a Geographically Dispersed Cluster:

https://msevents.microsoft.com/cui/WebCastEventDetails.aspx?culture=en-US&EventID=1032364834&CountryCode=US

http://msmvps.com/blogs/jtoner/default.aspx


Friday, September 14, 2012

DNS Interview Questions

 
DNSInterviewQuestionsandAnswer1.Secureservicesinyournetworkrequirereversenameresolutiontomakeitmoredifficulttolaunchsuccessfulattacksagainsttheservices.Tosetthisup,youconfigureareverselookupzoneandproceedtoaddrecords.Whichrecordtypesdoyouneedtocreate?2.WhatisthemainpurposeofaDNSserver?3.SOArecordsmustbeincludedineveryzone.Whataretheyusedfor?4.Bydefault,ifthenameisnotfoundinthecacheorlocalhostsfile,whatisthefirststeptheclienttakestoresolvetheFQDNnameintoanIPaddress?5.WhatisthemainpurposeofSRVrecords?6.Beforeinstallingyourfirstdomaincontrollerinthenetwork,youinstalledaDNSserverandcreatedazone,namingitasyouwouldnameyourADdomain.However,aftertheinstallationofthedomaincontroller,youareunabletolocateinfrastructureSRVrecordsanywhereinthezone.Whatisthemostlikelycauseofthisfailure?7.WhichofthefollowingconditionsmustbesatisfiedtoconfiguredynamicDNSupdatesforlegacyclients?8.Atsomepointduringthenameresolutionprocess,therequestingpartyreceivedauthoritativereply.Whichfurtheractionsarelikelytobetakenafterthisreply?9.Yourcompanyusestendomaincontrollers,threeofwhicharealsousedasDNSservers.YouhaveonecompanywideAD-integratedzone,whichcontainsseveralthousandresourcerecords.Thiszonealsoallowsdynamicupdates,anditiscriticaltokeepthiszoneup-to-date.Replicationbetweendomaincontrollerstakesupasignificantamountofbandwidth.Youarelookingtocutbandwidthusageforthepurposeofreplication.Whatshouldyoudo?10.YouareadministeringanetworkconnectedtotheInternet.Youruserscomplainthateverythingisslow.PreliminaryresearchoftheproblemindicatesthatittakesaconsiderableamountoftimetoresolvenamesofresourcesontheInternet.Whatisthemostlikelyreasonforthis?Answers……………
…….1.PTRRecords2.DNSserversareusedtoresolveFQDNhostnamesintoIPaddressesandviceversa3.SOArecordscontainaTTLvalue,usedbydefaultinallresourcerecordsinthezone.SOArecordscontainthee-mailaddressofthepersonwhoisresponsibleformaintainingthezone.SOArecordscontainthecurrentserialnumberofthezone,whichisusedinzonetransfers.4.PerformsarecursivesearchthroughtheprimaryDNSserverbasedonthenetworkinterfaceconfiguration5.SRVrecordsareusedinlocatinghoststhatprovidecertainnetworkservices.6.Thezoneyoucreatedwasnotconfiguredtoallowdynamicupdates.ThelocalinterfaceontheDNSserverwasnotconfiguredtoallowdynamicupdates.7.Thezonetobeusedfordynamicupdatesmustbeconfiguredtoallowdynamicupdates.TheDHCPservermustsupport,andbeconfiguredtoallow,dynamicupdatesforlegacyclients.8.Afterreceivingtheauthoritativereply,theresolutionprocessiseffectivelyover.9.ChangethereplicationscopetoallDNSserversinthedomain.10.DNSserversarenotcachingreplies..Localclientcomputers arenotcachingreplies…Thecache.dnsfilemayhavebeencorruptedontheserver.

DNS Interview Questions And Answers

1.What is DNS?
Domain Naming Services or System: - used for resolving host names to IPs and IPs to Host Names.

2.What is NBNS?
NetBIOS Naming System, e.g. WINS. Windows 2000 accesses resources using DNS naming conventions.

3.What is a Forward Lookup?
Resolving Host Names to IP Addresses

4.What is Reverse Lookup?
It is a file that contains host-name-to-IP mapping information.

5.What is a Resource Record?
It is a record that provides information about the resources available in the network (N/W) infrastructure.

6.What are the diff. DNS Roles?
Standard Primary, Standard Secondary, & AD Integrated.

7.What is a Zone?
Zone is a sub tree of DNS database.

8.What is primary, Secondary, stub & AD Integrated Zone?
Primary Zone: - a zone which is saved as a normal text file with filename (.dns) in the DNS folder. Maintains a read/write copy of the zone database.
Secondary Zone: - maintains a read-only copy of the zone database on another DNS server. Provides fault tolerance and load balancing by acting as a backup server to the primary server.
Stub zone: - contains a copy of the name server and SOA records, used for reducing DNS search orders. Provides fault tolerance and load balancing.

9.What does a zone consist of & why do we require a zone?
Zone consists of resource records and we require zone for representing sites.

10.What is Caching Only Server?
When we install a 2000 or 2003 server it is configured as a caching-only server: it maintains information about frequently accessed sites, and when the same site is accessed again the answer is obtained from the cached information instead of going to the actual site.

11.What is forwarder?
When one DNS server can't resolve the query, it can be forwarded to another DNS server that has been configured as a forwarder.

12.What is secondary DNS Server?
It is a backup for the primary DNS server; it maintains a read-only copy of the DNS database.

13.How to enable Dynamic updates in DNS?
Start>Program>Admin tools> DNS >Zone properties.

14.What are the properties of DNS server?
INTERFACES, FORWARDERS, ADVANCED, ROUTINGS, SECURITY, MONITORING, LOGGING, DEBUG LOGGING.

15.Properties of a Zone?
General, SOA, NAMESERVER, WINS, Security, and ZONE Transfer.

16.What is scavenging?
Finding and deleting unwanted records.

17.What are SRV records?
SRV records are the service records; there are 6 service records. They are useful for locating services.

18.What are the types of SRV records?
MSDCS: Contains DC information
TCP: Contains Global Catalog, Kerberos & LDAP information.
UDP: Contains Sites information
Sites: Contains Sites information
Domain DNS Zone: Contains the domain's DNS-specific information
Forest DNS Zone: Contains the forest's specific information.

19.Where does a Host File Reside?
c:\windows\system32\drivers\etc.

20.What is SOA?
Start of Authority: useful when a zone starts. Provides the zone startup information

21.What is a query?
A request made by the DNS client to the name server for information.

22.What are the diff. types of Queries?
Recursion, iteration

23.Tools for troubleshooting DNS?
DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, Logs, PM.
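A worked example of two of the record types asked about above (PTR records in a reverse lookup zone, question 1 of the first set and question 4 of the second; SRV records used to locate services, question 5 and questions 17 and 18), added here and not part of the original post. It builds the in-addr.arpa / ip6.arpa owner names and PTR lines for an address, derives the reverse zone name for an IPv4 network, and parses a constructed zone fragment of SRV records (the example.test names, TTLs and weights are made up) to order targets the way a client locating a service would. Within a priority RFC 2782 uses a weighted random pick; the code sorts by weight descending instead so the result is deterministic.

```python
import ipaddress
import re
from typing import List, NamedTuple, Tuple


def reverse_zone_and_ptr(ip: str, hostname: str) -> Tuple[str, str]:
    """Return (reverse-lookup owner name, PTR record line) for an IPv4 or IPv6 address.

    The stdlib does the octet (or nibble) reversal: 192.168.0.10 becomes
    10.0.168.192.in-addr.arpa, and an IPv6 address becomes a name under ip6.arpa.
    """
    owner = ipaddress.ip_address(ip).reverse_pointer
    record = f"{owner}. IN PTR {hostname.rstrip('.')}."
    return owner, record


def reverse_zone_for_network(cidr: str) -> str:
    """Name of the reverse lookup zone that holds the PTR records for an IPv4 network.

    Classic reverse zones sit on octet boundaries (/8, /16, /24), so only those
    prefix lengths are handled here.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only IPv4 networks on an octet boundary are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


class SrvRecord(NamedTuple):
    name: str
    priority: int
    weight: int
    port: int
    target: str


# owner [TTL] IN SRV priority weight port target
SRV_LINE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$", re.IGNORECASE
)


def parse_srv_records(zone_text: str) -> List[SrvRecord]:
    """Parse SRV records from zone-file text; ';' starts a comment, blank lines are skipped."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        match = SRV_LINE.match(line)
        if not match:
            raise ValueError(f"not an SRV record: {line!r}")
        name, prio, weight, port, target = match.groups()
        records.append(SrvRecord(name.lower(), int(prio), int(weight), int(port), target.lower()))
    return records


def order_targets(records: List[SrvRecord], service_name: str) -> List[Tuple[str, int]]:
    """Targets for a service name, lowest priority first, then highest weight first.

    RFC 2782 selects among equal priorities by weighted random choice; sorting by
    weight is a deterministic stand-in used here so the output is repeatable.
    """
    matching = [r for r in records if r.name == service_name.lower()]
    ordered = sorted(matching, key=lambda r: (r.priority, -r.weight))
    return [(r.target, r.port) for r in ordered]


# Constructed sample zone fragment: the _msdcs LDAP locator and Kerberos records
# a domain controller would register. Names and values are made up.
ZONE_TEXT = """
; constructed sample, not from a real domain
_ldap._tcp.dc._msdcs.example.test.   600 IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.dc._msdcs.example.test.   600 IN SRV 0 200 389 dc2.example.test.
_ldap._tcp.dc._msdcs.example.test.   600 IN SRV 10 50 389 dc3.example.test.
_kerberos._tcp.example.test.         600 IN SRV 0 100 88 dc1.example.test.
"""


if __name__ == "__main__":
    zone = reverse_zone_for_network("192.168.0.0/24")
    owner, ptr = reverse_zone_and_ptr("192.168.0.10", "dc1.example.test")
    print(f"reverse zone: {zone}\nowner: {owner}\nrecord: {ptr}")
    print(reverse_zone_and_ptr("2001:db8::1", "dc1.example.test")[1])
    for target, port in order_targets(parse_srv_records(ZONE_TEXT),
                                      "_ldap._tcp.dc._msdcs.example.test."):
        print(f"LDAP locator -> {target}:{port}")
```

The locator order printed for the sample is dc2, dc1, dc3: the two priority-0 servers come first, with the higher-weight one ahead, and the priority-10 server is only used when the others are unavailable.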

Regards
Mohamed Rafi
GSM :91-9791133997


Friday, September 7, 2012

Citrix Application Enumeration Process

Application Enumeration Process

The application enumeration process is as follows:

  1. A user launches a Web browser and connects to Web Interface.
  2. The Web Interface returns the logon page.
  3. The user types in credentials.
  4. The user's credentials are forwarded via the XML service to the IMA service over HTTP (or HTTPS).
  5. The IMA service then forwards them to the local Lsass.exe.
  6. Lsass.exe encrypts the credentials and passes them to the domain controller.
  7. The domain controller returns the SIDs (the user's SID and the list of group SIDs) back to Lsass.exe and to IMA.
  8. IMA uses the SIDs to search the Local Host Cache (LHC) for the list of applications and the Worker Group Preference policy for that authenticated user.
  9. The list of applications together with the user's Worker Group Preference policy is returned to the Web Interface.
  10. The Web Interface returns the web page to the web browser. (This completes the application enumeration process.)

The application launch process is as follows:

  1. The user selects the application by clicking the application icon (such as Microsoft Word).
  2. The selected application data (Microsoft Word) is passed back to Web Interface.
  3. Web Interface passes the Microsoft Word information together with the user's Worker Group Preference policy back to IMA on the XML broker server.
  4. The IMA service on the XML broker then forwards the request to the IMA service on the Zone Data Collector.
  5. The Zone Data Collector tries to find the least loaded server according to the Worker Group Preference list.
  6. When it finds the least loaded server, it sends a query to the Citrix Service Manager on that server to verify whether the server has the required application installed. If the answer is yes, it provides this server's host ID to the XML broker.
  7. The XML broker translates this host ID into its IP address by searching the Local Host Cache.
  8. The IP address is then provided to Web Interface (this completes the application resolution).
  9. Web Interface uses this IP address to create the ICA file.
  10. The ICA file is then returned to the Web browser on the client machine.
  11. The Citrix online Web plug-in uses the ICA file to launch an ICA connection to the least loaded XenApp server.
  12. The XenApp server launches the application for the user.
