Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Failover Engine (FoE) > How to Stretch LAN to WAN with Orion Failover Engine Installed

How to Stretch LAN to WAN with Orion Failover Engine Installed

Created by Seamus.Enright, last modified by MindTouch on Jun 23, 2016

Views: 40 Votes: 0 Revisions: 3

Overview

Orion Failover Engine provides for a simple transition from a LAN implementation to a WAN implementation allowing the secondary server to be relocated to a distant location for both operational and data security reasons.

Environment

Orion Failover Engine must be installed in an Active Directory Integrated DNS environment.

Steps

Technical Prerequisites

  1. Run Orion Failover Engine Diagnostics for 24 hours to measure the actual and required bandwidth across the proposed WAN link.
  2. Verify that at least one domain controller at the WAN site is configured as a global catalog.
  3. The Orion Failover Engine server must be a member of the domain.
  4. Verify that at least one DNS server is configured at the remote Disaster Recovery (DR) site.
  5. Configure hardware routers appropriately, so that principal and SolarWinds Channel traffic is routable across your WAN. Ensure that the WAN-link is operational and that there are NO networking issues.
    Note: SolarWinds recommends configuring channel and principal IP addresses in different subnets. If this is not possible, you will have to implement static routes.
    You should:
    1. Ping successfully.
    2. Have the IP addressing schema finalized (principal/channel IP address of secondary server at the Disaster Recovery (DR) location).
    3. Open the required firewall ports (default Orion Failover Engine ports are 52267 and 57348).

    Note: On Windows Server 2008, the Routing and Remote Access service (RRAS) has a dependency on the HTTP service. When the IIS service is installed on a Orion Failover Engine pair and the IIS plug-in is installed, the plug-in will stop the HTTP service on the secondary server causing the Routing and Remote Access (RRAS) service to stop resulting in the SolarWinds Channel dropping. To resolve this issue, use the ROUTE ADD command from the command shell as shown below:

  6. Open a command window by navigating to Start > Run, type CMD and click OK.
  7. From the command prompt type:

         ROUTE ADD [DestinationIPAddress] MASK [netmask] [Gateway] METRIC [metric] IF [Interface] -p
    EXAMPLE: ROUTE ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2 -p

  8. Close the command window.

LAN to WAN Stretch Process

  1. Add the Domain Admin account to Orion Failover Engine.
    1. Login to the SolarWinds Orion Failover Manager.
    2. Select the Applications: Tasks tab.
    3. Select SolarWinds Orion.
    4. Click User Accounts, click Add, and enter the Domain Admin account details.
    5. Click OK and click Close.
  2. Using the SolarWinds Orion Failover Manager, shutdown Orion Failover Engine but leave all protected applications running.
  3. On the secondary server with Orion Failover Engine stopped, unplug both the principal network cable and SolarWinds Channel network cables.
  4. On the secondary server, change the principal IP address to be the correct principal WAN IP address, default gateway, and subnet mask. The principal IP should be set according to the local site IP schema. The Preferred DNS Server must point to a machine that is local to the secondary server Disaster Recovery (DR) site. In Network Card Properties, clear the Register this connection's address in DNS check box.
  5. On the secondary server, ensure that the principal NIC is listed first in Network & Dial-up Connections > Advanced Settings.
  6. On the secondary server, change the SolarWinds Channel IP address to be the correct SolarWinds Channel WAN IP address. Ensure NetBIOS is disabled. In Network Card Properties, clear theRegister this connection's address in DNS check box.
  7. On the primary server, change the SolarWinds Channel IP address to be the correct SolarWinds Channel WAN IP address. Ensure NetBIOS is disabled. In Network Card Properties, clear the Register this connection's address in DNS check box.
  8. On both the primary and secondary servers, ensure that the principal NIC is listed first in Network & Dial-up Connections > Advanced Settings.
  9. On the secondary server, from the Orion Failover Engine system tray icon, run the Configure Server wizard. Open the Public tab and change the principal WAN IP address. Open the Channel tab and change the IP address of the primary and secondary servers' SolarWinds Channel IP addresses to the corresponding SolarWinds Channel WAN IP addresses, and then click Finish.
  10. On the primary server, from the Orion Failover Engine system tray icon, run the Configure Server wizard. Open the Channel tab and change the primary and secondary servers' SolarWinds Channel IP addresses to the corresponding SolarWinds Channel WAN IP addresses, and then click Finish.
  11. On the primary server, open the principal network connection properties and clear the Register this connection's address in DNS check box, and then click Close.
    Note: 
    Step 12 must be performed immediately otherwise the client will not be able to connect to the primary server.
  12. On all DNS servers, manually add a Host (A) record and reverse pointer record for the primary server address. Confirm that all clients are able to connect to the primary server.
  13. On the secondary server, set the Neverfail R2 Server service to Manual. Power down and relocate the secondary server to the remote DR site.
  14. On the secondary server (now at the remote DR site) connect the principal and SolarWinds Channel network cables and power up.
  15. On the primary server, add a persistent route for the secondary server's SolarWinds Channel connection. 
    Note: In a WAN implementation, persistent routes for SolarWinds Channel communications must be added to both primary and secondary servers. The persistent routes ensure that any communication with the SolarWinds Channel network is in fact established via the physical SolarWinds Channel NICs.
    To add persistent routes:
    1. Open Routing and Remote Access from Administrative Tools.
    2. Select the server name, then from the Action menu select Configure and Enable Routing and Remote Access to launch the configuration wizard.
    3. Select Custom Configuration > LAN routing and verify that the RRAS service is started.
    4. Select the server again, navigate to IP Routing and select Static Routes.
    5. From the Action menu select New Static Route.
    6. From the dropdown, select the channel interface and enter the destination SolarWinds Channel IP followed by the mask 255.255.255.255 and the source machine gateway.
    7. Test the channel routing using the following command to ensure that all the packets will be sent using the SolarWinds Channel IP and not the principal IP.
      pathping -n Channel_IP 
      Note: For a trouble free WAN implementation, SolarWinds recommends using RRAS for implementing static routes. Avoid using the interface ID when creating static routes using the route command because the interface ID is dynamic and increments each time a server is restarted or a NIC is disabled/enabled, and this change will make the route invalid.
  16. On the secondary server, add a persistent route for the primary server's SolarWinds Cannel connection using the instructions above.
  17. On the primary server, confirm that the server can route the packets correctly to the secondary server SolarWinds Channel address using the pathping command.
  18. On the secondary server, confirm that the server can route the packets correctly to the primary Server SolarWinds Channel address using the pathping command.
  19. On the primary server, enable the Compression Manager:
    1. In a command prompt window, browse to the Orion Failover Engine installation directory, under SolarWinds\FoE\R2\bin.
    2. Type the following command (case-sensitive): 
      nfconfigtool SetIsLowBandwidth PRIMARY SECONDARY true
    3. Close the command prompt window.
  20. On the primary server, using the Orion Failover Engine system tray icon, select Start Orion Failover Engine.
  21. On the primary server, update the Server Monitoring ping routing configuration:
    1. In the SolarWinds Orion Failover Manager, select Server: Monitoring
    2. Click Configure Pings.
    3. Select the Ping Routing tab.
    4. Update the primary and secondary IP addresses to match the new IP scheme implemented in the steps above. Update both the Ping From and Ping To fields.
  22. On the primary Server, add two Network Configuration tasks that execute the example below, as follows:
    Note: By default, DNSUpdate requires DNS to be integrated into Active Directory. If this is not the case, please see SWREFID - 1938 How to Configure DNS With Orion Failover Engine in a WAN Environment.
    1. For the primary server, select Primary radio button
      DNSUpdate -auto
    2. Click Run As and select from the menu the Domain Account previously configured in the User Accounts dialog.
    3. For the secondary server, select Secondary radio button.
      DNSUpdate -auto
    4. Click on Run As and select the Domain Account previously configured in the User Accounts dialog.
  23. On the Server: Monitoring tab, click Configure Pings, select the Ping Routing tab, edit Primary to Secondary and Secondary to Primary sections to update these with the new SolarWinds Channel IPs, and then click OK.
  24. Select the Server: Monitoring screen, click Configure Failover and clear the first two items in the list, and then click OK.
  25. Select the Network tab and click Configure Pings.
  26. Select the Ping Routing tab, and in the Ping targets from Primary server section, update Target 3. (By default, Orion Failover Engine uses the first DNS server configured in the TCP/IP Properties of the secondary for Target 3.)
  27. Update the Ping targets from Secondary server section with site appropriate targets. (By default Orion Failover Engine uses the Gateway IP used in RRAS when the static route for this server was configured for Target 1, the first DNS server configured in TCP/IP Properties of the secondary for Target 2, and the first DNS server configured in the TCP/IP Properties of the primary for Target 3.)
  28. On the secondary server, set the Neverfail Server R2 service back to Automatic. Click the Orion Failover Engine system tray icon, select Orion Failover Engine.
  29. Allow the initial synchronization process to complete.
  30. Follow the Acceptance Verification section of the SolarWinds Orion Failover Engine Quick Start Guide.

 

Last modified
19:29, 22 Jun 2016

Tags

Classifications

Public