IIS Load Balancing and Failover

Evidian SafeKit brings network load balancing and failover to Microsoft IIS. This article explains how to implement quickly a IIS load balancing cluster without network boxes or dedicated load balancing servers. A free trial is offered.

How the Evidian SafeKit software simply implements IIS load balancing and failover without network load balancers or dedicated servers

How the Evidian SafeKit farm cluster implements IIS load balancing and failover?

On the previous figure, IIS is running of the 3 servers. Users are connected to a virtual IP address which is configured locally on each server. The input traffic for the virtual IP address is received by all the servers and split among them by a filter inside each server's kernel.

The network load balancing algorithm inside the filter is based on the identity of the client packets (client IP address, client TCP port). Depending on the identity of the client packet input, only one filter in a server accepts the packet; the other filters in other servers reject it.

Once a packet is accepted by the filter on a server, only the CPU and memory of this server are used by IIS that responds to the request of the client. The output messages are sent directly from the IIS server to the client.

If a server fails, the SafeKit membership protocol reconfigures the filters in the network load balancing cluster to re-balance the traffic on the remaining available servers.

Note that SafeKit works in VMware environments without the Microsoft NLB problems of unicast and muticast modes.  And note also that SafeKit network load balancing is working not only on Windows (including Windows editions for PCs) but also on Linux.

Configuration overview of ISS load balancing and failover

With SafeKit, you can configure either a farm application module or a mirror application module according the high availability architecture suited for an application. For IIS load balancing and failover, the right module is the farm module.

Configuration overview of IIS load balancing and failover

The configuration files for IIS load balancing and failover are given for Windows here.

They include:

1. the IIS stop and start scripts,

2. the configuration file userconfig.xml which contains:

Deployment of IIS load balancing and failover requires no specific IT skills:

    • install IIS on two standard Windows servers (or more)
    • install the SafeKit software on both servers
    • install the iis_farm.safe module

SafeKit configuration files on Windows for IIS load balancing and failover

Installation instructions


<!DOCTYPE safe>
<macro name="VIRTUAL_IP" value="VIRTUAL_IP_TO_BE_DEFINED" />
<macro name="IIS_PORT" value="TCP_PORT_TO_BE_DEFINED" />
<service mode="farm" maxloop="3" loop_interval="24">
  <!-- Farm topology configuration for the membership protocol -->
  <!-- Names or IP addresses on the default network are set during initialization in the console -->
    <lan name="default" />
  <!-- Virtual IP Configuration -->
  <!-- Use VIRTUAL_IP defined in macro above -->
      <interface check="on" arpreroute="on">
        <virtual_interface type="vmac_directed">
          <virtual_addr addr="%VIRTUAL_IP%" where="alias"/>
      <group name="IIS">
        <!-- Set load-balancing rule on IIS_PORT defined in macro above -->
        <rule port="%IIS_PORT%" proto="tcp" filter="on_addr"/>
  <!-- TCP Checker Configuration -->
  <!-- Use VIRTUAL_IP and IIS_PORT defined in macros above -->
    <tcp ident="HTTP_IIS" when="both">
  <!-- User scripts activation -->
  <user nicestoptimeout="300" forcestoptimeout="300" logging="userlog" />


@echo off

rem Script called on all servers for starting applications

rem For logging into SafeKit log use:
rem "%SAFE%\safekit" printi | printe "message"

rem stdout goes into Application log
echo "Running start_both %*" 

set res=0

net start w3svc
if not %errorlevel% == 0 (
  %SAFE%\safekit printi "IIS start failed"
) else (
  %SAFE%\safekit printi "IIS started"

set res=%errorlevel%
if %res% == 0 goto end

set res=%errorlevel%
"%SAFE%\safekit" printe "start_both failed"

rem uncomment to stop SafeKit when critical
rem "%SAFE%\safekit" stop -i "start_both"



@echo off

rem Script called on all servers for stopping application

rem For logging into SafeKit log use:
rem "%SAFE%\safekit" printi | printe "message"

rem ----------------------------------------------------------
rem 2 stop modes:
rem - graceful stop
rem   call standard application stop with net stop
rem - force stop (%1=force)
rem   kill application's processes
rem ----------------------------------------------------------

rem stdout goes into Application log
echo "Running stop_both %*" 

set res=0

rem default: no action on forcestop
if "%1" == "force" goto end

%SAFE%\safekit printi "Stopping IIS..."
net stop w3svc

rem If necessary, uncomment to wait for the real stop of services
rem "%SAFEBIN%\sleep" 10

if %res% == 0 goto end

"%SAFE%\safekit" printe "stop_both failed"



This demonstration is made with Apache but the operating mode is the same as IIS.

More on SafeKit

Other examples of high availability modules:

Mirror modules



Microsoft SQL ServerWindows module-
OracleWindows moduleLinux module
MySQLWindows moduleLinux module
PostgreSQLWindows moduleLinux module
FirebirdWindows moduleLinux module
Hyper-VWindows module-
Hanwha SSMWindows module-
Milestone XProtectWindows module-
Generic moduleWindows moduleLinux module

Farm modules



IIS moduleWindows module-
Apache moduleWindows moduleLinux module
Generic moduleWindows moduleLinux module

Evidian SafeKit Pricing

White Papers


To receive Evidian news, please fill the following form.