Windows Services Cluster Design

The Windows Services Cluster consists of several discrete pieces of hardware in one secure data center.  The cluster was designed with High-Availability in mind.  Whenever possible, no service is deployed with a single point of failure.  Where this is unavoidable, care is taken to use the most reliable components possible.

All file storage for the cluster is served from a Network Appliance FAS270c filer cluster.  The "NetApp" devices serve files directly to end-user workstations using the CIFS file sharing protocol.  The NetApp draws on the Active Directory domain controllers for authentication and authorization data, and appears to end-users as a Windows file server named "files.campus.ad.uvm.edu".  Near 100% uptime is expected from these redundant filer devices.

In addition to providing CIFS-based file access, the NetApp cluster also servers as an IP-SAN device (Internet Protocol Storage-Area Network) by implementing the iSCSI protcol (Internet SCSI).  Drawing on the iSCSI protocol, we are able to implement a Microsoft Cluster Services (MSCS) Server Cluster.  This cluster consists of two Dell PowerEdge 2650 servers (node1 and node2).  These servers provide highly-available, fault-tolerant access to our core print services, and to other cluster-able applications.  The cluster nodes maintain communications with each other using a pair of fault-tolerant "heartbeat networks".  MS-SQL database services are provided from a third PE2650 server named "app1".  Data from this server is copied to warm standby server to minimize downtime from a hardware failure.  In the future, we may deploy a SQL-Server cluster to provide instantanous recovery from hardware faults.

All server, filers, and networking equipment for the cluster are provided power on separate A/C circuits.  All circuits in the data center are routed through a massive UPS (uninterruptible power supply), which is backed by a diesel generator. 

Traffic from both the outside Internet and the campus Intranet are filtered through a Cisco Firewall maintained by Network Services.  Very strict firewall rules help to minimize the exposure of these servers to malicious attacks.