Cool Solutions

ZENworks Design Series :: Middle Tier Fault Tolerance



June 28, 2006 8:04 pm





This question has been coming up a lot lately… again!! So I thought I would address this here and see what the masses are dealing with.

What is the best way to build a fault tolerant Middle Tier Server system that also addresses load balancing and redundancy?

First things first. If you have thousands of users, and they are all pointing to a central Middle Tier Server farm, then you need to front the farm with an L4 switch (if possible), or wrap Microsoft Load Balancing Services around them (if you are running the Middle Tier in IIS on Windows 2000 Server or Windows Server 2003). I highly suggest an investment in an L4 switch simply because it is more reliable than Microsoft Load Balancing Services, or any other software-based load balancing service. You can also use DNS Round Robin, but this sucks when it comes to one of the nodes being down… DNS Round Robin will still attempt to connect the user to that node. In addition, by using an L4 switch you are able to introduce load balancing to the equation as well… very nice!!

This all being said, a fault tolerant Middle Tier Server system is not fault tolerant unless you are pointing each of the Middle Tier Servers to multiple eDirectory sources. I suggest you point each of the Middle Tier Servers to 2 or 3 eDirectory servers so that in the event one of the eDirectory servers goes down, you can still authenticate your users and get access to the ZENworks infrastructure. You can easily configure this using NSAdmin – the administrative interface for the Middle Tier Server software.

People have also asked whether or not the Middle Tier Server runs in a cluster. This is NOT supported. The main issue is that when a node fails over, the connections are not moved to the new node. This means that the service can fail over, the connections would be cleared, and the next time the launcher refreshes the users will be prompted to log back in to the Middle Tier Server. Stinky.

Lastly, I want to introduce a number of factors that govern the scalability of the Middle Tier Server. You need to consider all of these things when trying to figure out how many Middle Tier Servers you will need for the number of users you support. So… remember this:

  • Speed of the processor
  • Multi-processor server(s)
  • Physical memory
  • Speed of the NIC
  • Speed of the LAN/WAN
  • Staggered login times (let’s be real… everyone doesn’t log in at the same time)
  • Staggered launcher refresh intervals (use this setting in large scale environments)
  • Frequency of distributions (applications, policies, etc.)
  • Whether or not applications are being force cached (if they are, then the content goes through the Middle Tier Server)
  • Whether or not you are accessing application data via CIFS or NCP
  • Where are your identities stored? Way back when ZENworks for Desktops 4 was introduced I ran a pile of tests in the Super Lab over and over again. Each time we would move services around to find the optimal placement. Obviously when you are running eDirectory, Active Directory, and application file services (the ZENworks application content) on the same server this server becomes seriously taxed under heavy load. In large environments ensure that eDirectory, and Active Directory is running on dedicated servers, and you place your data/content on a file server that is NOT one of the directory servers. That being said, keep this in mind.
    • Location of eDirectory and connection speed
    • Location of Active Directory and connection speed
  • Are policies being delivered using ZENworks or Active Directory?

In closing, keep these factors in mind along with the recommendations on how to make your Middle Tier Server infrastructure fault tolerant and you will be all set. Design your stuff in your lab, think through how many people you are going to support, what you are delivering, where you are delivering it to, and how you will be delivering it. Follow these rules of thumb and you should sleep well.

Comments, suggestions, experience, etc… it’s all welcome!!  🙂


0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Categories: Uncategorized


Disclaimer: This content is not supported by Micro Focus. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.


  1. By:Ron van Herk

    Nice article Mark, I just want to point to the wiki page that has some info about the L4 configuration.

  2. By:Brian Baillie

    It is very dissapointing that a Layer 4 switch is recommended to do load balancing for Middleteir. After all these years from IPX using “nearest server” queries, to SLP resolve nearest server queries, and IP address costing with ICMP pings to resolve best server responses and availability its come to this. Has Novell lost its expertise in making software that will notice a service being unavaliable and attempt to connect to another server providing the same service transparently? It has become near impossible to defend Novell Zenworks when the extra pricetag of a load balancing layer 4 switch is an added cost to the customer when they are considering their options of a desktop management suite. How about building a timeout value into the desktop component of Middleteir that can be handed a DNS name which will resolve to more than one address and have the client check the addreses for availability and speed of response (SLP DA entries when DNS names are used can do this now). Now if the client side component doesn’t get a response in a timely fashion from its first server it simply goes to the next IP address resolved from the original DNS query and attempts the operation again, DNS roundrobin for kicks but have the client side determine round trip times. L4 loadbalancers do a wonderful job at greater expense, don’t let them replace knowledge and expertise that Novell has already demonstrated in the past, it causes lost sales.


  3. Brian.

    Also keep in mind that if you want to implement a software-based load balancing solution, there are other options out there. You don\’t have to use an L4 switch, I\’m simply recommending it because it is the most reliable… based on feedback from our own testing in the Super Lab, and based on direct feedback from our customers. So if you are looking for something a little less expensive, or at no cost at all there are solutions out there – some being open source.

    I also want to point out that we have also added (back in the ZENworks for Desktops 4.0.1 days) an option tag that you can deliver using DHCP to your clients that points them to the nearest Middle Tier Server based on the location they are coming in from (Option 100). I suggest you take a close look at this if you have a distributed Middle Tier Server environment.

    I have seen both hardware and software based implementations of load balancing, and they both work. Find the solution that best suites your needs (or your customers needs) and run with it.

    I hope this helps… and thanks for the frank feedback.


  4. Brian

    We’re not ‘going backwards’ – just that the Middle Tier is designed to use internet standard protocols for use – DNS, http, https – there is just no easy concept of ‘get nearest server’ with these.

    The Middle Tier also supports DNS round-robin – so this isn’t requiring L4 switching. For those running Windows Servers you can also use the Microsoft Load Balancing services.

  5. The middle-tier may support round-robin DNS, but I can say that this breaks fairly quickly if you’re hitting it with a terminal server farm where NAL is employed. We’ve had an open incident for some time, being worked by the venerable Jim Sumsion, citing XMGR.NLM as having a horrendous memory leak if you’re using RRDNS…the problem goes away the instant you choose a single server to be your middle-tier. Neither the middle-tier folks nor the ZDM folks have yet been able to identify the source of the problem or a fix.

    It seems to me that short of an L4 switch, this service has pretty severe scalability problems…I’m not sure what the answer is, but hopefully letting Novell know of the real-world use case scenarios will help get these problems addressed.

  6. By:Geoffrey Carman

    What would be nice is more concrete numbers for X numbers of clients require Y RAM, and Z CPU cycles (Not sure how that would work exactly). And I think you should hit the common size points.
    100 users
    1000 users
    5000 users
    10000 users

    Come up with some formula to calculate the login scattering, and let us figure out the variables for our users…

    The ones in the docs are very weak and shaky.

    The Cool Solutions referenced article on scaling is good, in terms of what matters, but no good hard grid that I can look at and say: Ah, 700 clients, you need at least 2 P4 CPU at 3Ghz, 4GB of RAM, dual NICs etc.

    I understand that there are so many factors involved it is hard, but even a range…

    1 Meg or RAM per user? 20 P4 Cycles per user? The way Citrix used to offer scaling advice.

    Or maybe even just some simple rules of thumbs… From experience. A client with 1000 clients on one middle tier is feeling a slowdown with certain hardware, etc…

  7. And to echo the comments from Ron – please feel free to extend and update the wiki.

  8. By:Brian Baillie

    I must not be explaining this correctly, here is my point. In the past Novell did a great job of including load balancing abilities and dead server detection in their client side software ie: the Novell client. Why are these features not present in the client side software? I am aware of the DHCP options and round robin DNS but as you point out, if you are connected to a middleteir server and it dies then you are out of luck, no recovery. For larger environments if you want load balancing and recovery then you need an L4 load balancer is the message being delivered to the customer, am I missing anything?


  9. Brian.

    Please keep in mind that when using the Middle Tier Server, you do not have the Novell Client software installed, so we are not utilizing it at all for dead server detection. That is why we are relying on other load balancing software to do the work for us.

    Remember also that the ZENworks Management Agent does not talk NCP… only HTTP. This was to allow us to better position ZENworks in a Microsoft centric environment.

    I see what you are saying though. Please also note that the Middle Tier Server is a stepping stone for us, as the next generation of ZENworks will have a lot more of functionality built in.