Resiliency - Installation - Prerequisites
MOVEit DMZ Resiliency requires:
- Two computers to act as MOVEit DMZ database nodes. These computers must be running the same version of Windows Server 2000 or 2003.
- Optional: Additional computers to act as MOVEit DMZ application nodes. (A MOVEit DMZ application node provides only web, secure FTP, and SSH services; it does not host or replicate the configuration and logging database.) (See "Resiliency - Architecture")
- A reliable file server (NAS) to hold the file system used by all MOVEit DMZ nodes. The NAS should NOT simply be a share on one of the two MOVEit DMZ application servers; the NAS should be a third box which does not run any MOVEit software at all. The operating system of the NAS is not important; most systems that can make its content available through Windows file shares will do (see special section about SAN connectivity).
- A network load-balancer such as a
Cisco Content Switch or
Windows Network Load Balancing Services.
This is the device to which users will actually connect; the load-balancer will then forward requests to one of the actual MOVEit DMZ servers.
- MOVEit DMZ and MOVEit DMZ Resiliency installation software for each MOVEit DMZ node. This software will be installed on each node in the cluster so downloading a local copy in advance of the installation is best.
The major version of MOVEit DMZ Resiliency software should match the major version of the MOVEit DMZ software.
- A reliable time server that all nodes (and probably the NAS) can access over the network.
MOVEit DMZ Resiliency requires that all MOVEit DMZ nodes agree on the current time so that
failover services can make accurate judgements about how long various services
have not been available. If all nodes will be a member of a domain, this will not be necessary as
domain members are automatically time synchronized with the domain controller. Otherwise, a time server
will be needed during the MOVEit DMZ Resiliency installation process.
NOTE: Avoid using a Windows Server 2003 host as a time server. Bugs in the time server software
for this version of Windows prevent it from being a reliable time source.
- A valid SSL server certificate for each MOVEit DMZ node. Some certificate issuing authorities (CA's) require a license for each distinct server on which a certificate is installed, but MOVEit DMZ Resiliency works best if the SSL server certificates used on each server are identical copies of an original. If you are using a test certificate, you can install it on each server, or you can export and import it from one server to the rest.
(The "Send Certificates" button on the DMZ Config's Resiliency Advanced tab can be used to copy SSL server certificates between nodes;
see also "System Configuration - SSL and SSH - SSL - Server Certs - Backing Up".)
- A MOVEit DMZ license code which authorizes both the use of MOVEit DMZ Resiliency and a certain number of MOVEit DMZ nodes.
The same license code will be used across all nodes.
Installation Worksheet
A printable "Resiliency - Installation - Worksheet" is also available
to help clarify information that will be useful during the coming installation.
Coming up with answers to all the questions posed on the worksheet could also be
considered a necessary prerequisite.
The MOVEit DMZ Resiliency installation procedure will require you to
install MOVEit DMZ on each node before attempting to install MOVEit DMZ
Resiliency on that node. The current procedure calls for you to
copy the "MOVEitDMZ_Install.INI" from Node 1 to other nodes to ensure
subsequent installations use the same paths, passwords, etc., but there
are some additional precautions you should take when installing
MOVEit DMZ and MOVEit DMZ Resiliency.
- Before you install MOVEit DMZ, make sure all your drives have been partitioned correctly on all nodes.
(For example, make sure a "D:" drive exists on all MOVEit DMZ nodes if you expect to use one.)
- Use the same Windows administrator username/password when installing MOVEit DMZ and
MOVEit DMZ Resiliency from the console.
It was mentioned above that the MOVEit DMZ Resiliency installation
requires certain MOVEit DMZ parameters to share the same values across nodes.
More specifically, the MOVEit DMZ Resiliency installation assumes:
- All nodes have identical server operating systems and identical, or nearly identical, hardware configurations.
- MOVEit DMZ version 3.3 or later is installed and all drive letters and folder paths used in the MOVEit DMZ installations are identical across all nodes.
- The console sessions used for installation are logged in with the same Windows administrator username and password on all nodes.
- All Web application folders ("wwwroot" and "MOVEitISAPI") and the root filesystem ("files") are sub-folders of the "non-web" directory path (e.g., "D:\MOVEitDMZ\" has a "D:\MOVEitDMZ\wwwroot" subfolder).
If these assumptions are not true, there are some parts of the installation process which will fail or need to be performed by hand.