Farm cluster with network load balancing and failover on Windows and Linux

Evidian SafeKit

How the Evidian SafeKit software simply implements a network load balancing cluster without network load balancers or dedicated proxy servers

The SafeKit farm cluster implements a network load balancing cluster among several servers. It provides a simple solution to critical application scalability and high availability.

In a network load balancing cluster, the same application runs on each server, and the load is balanced by the distribution of network activity on the different servers of the farm. This type of cluster is suited to front-end applications like web services.

The SafeKit software saves the cost of hardware load balancers. It does not require specific servers above the farm for implementing the network load balancing cluster.

Farm cluster - A network load balancing cluster with failover on Windows and Linux

For server in the same subnet, the network load balancing is very efficiently implemented by a network filter driver. This driver works on Windows and Linux (even on Windows editions for PCs). For servers in different subnets, SafeKit offers a health check which can be configured at the level of a load balancer: see the article on how a load balanced virtual IP address works.

SafeKit provides a generic farm module on Windows and Linux to build a network load balancing cluster. You can write your own farm module for your application starting from the generic farm module. Apache and Microsoft IIS are examples of farm modules.

Combined with the farm cluster, you can also implement a mirror cluster with real-time file replication and failover.

How the SafeKit farm cluster works?

Principle of a virtual IP address in a network load balancing cluster for servers in the same subnet

The virtual IP address is configured locally on each server in the network load balancing cluster.

The input traffic for the virtual IP address is received by all the servers and split among them by a filter inside each server's kernel.

The network load balancing algorithm inside the filter is based on the identity of the client packets (client IP address, client TCP port). Depending on the identity of the client packet input, only one filter in a server accepts the packet; the other filters in other servers reject it.

Once a packet is accepted by the filter on a server, only the CPU and memory of this server are used by the application that responds to the request of the client. The output messages are sent directly from the application server to the client.

If a server fails, the SafeKit membership protocol reconfigures the filters in the network load balancing cluster to re-balance the traffic on the remaining available servers.

Note that a comparison between Microsoft NLB and SafeKit network load balancing is available here.  And note that SafeKit network load balancing is working not only on Windows (including Windows editions for PCs) but also on Linux.

Stateful or stateless web services in a network load balancing cluster

With a stateful server, there is session affinity. The same client must be connected to the same server on multiple HTTP/TCP sessions to retrieve its context on the server. In this case, the SafeKit load balancing rule is configured on the client IP address. Thus, the same client is always connected to the same server on multiple TCP sessions. And different clients are distributed across different servers in the farm. This configuration is used when there are session affinities.

With a stateless server, there is no session affinity. The same client can be connected to different servers in the farm on multiple HTTP/TCP sessions; because there is no context stored locally on a server from one session to another. In this case, the SafeKit load balancing rule is configured on the TCP client session identity. This configuration is the one which is the best for distributing sessions between servers, but it requires a TCP service without session affinity.

If you are also interested by real-time replication and failover in a mirror cluster, read this article.

SafeKit High Availability Differentiators against Competition

Key differentiators of a farm cluster with load balancing and failover

Evidian SafeKit farm cluster with load balancing and failover

No load balancer or dedicated proxy servers or special multicast Ethernet address  No load balancer or dedicated proxy servers

Like   The solution does not require load balancers or dedicated proxy servers above the farm for imlementing load balancing. SafeKit is installed directly on the application servers in the farm. The load balancing is based on a standard virtual IP address/Ethernet MAC address and is working with physical servers or virtual machines on Windows and Linux without special network configuration

Dislike  This is not the case with network load balancers

Dislike  This is not the case with dedicated proxies on Linux

Dislike  This is not the case with a specific multicast Ethernet address on Windows

All clustering features  All clustering features

Like  The solution includes all clustering features: virtual IP address, load balancing on client IP address or on sessions, monitoring of server/network/software failures, automatic application restart with a quick revovery time and a replication option with a mirror module

Dislike  This is not the case with other load balancing solutions. They are able to make load balancing but they do not include a full clustering solution with restart scripts and automatic application restart in case of failure. They do not offer a replication option

Like   The cluster configuration is very simple and made by means of application modules. There is no domain controller or active directory to configure on Windows. The solution works on Windows and Linux

Remote sites and virtual IP address  Remote sites

Like   If servers are connected to the same IP network through an extended LAN between remote sites, the virtual IP address of SafeKit is working with load balancing at level 2

Like   If servers are connected to different IP networks between remote sites, the virtual IP address can be configured at the level of a load balancer. SafeKit offers a health check: the load balancer is configured with a URL managed by SafeKit which returns OK on the UP servers and NOT FOUND else. This solution is implemented for SafeKit in the Cloud but it can be also implemented with a load balancer on premise. Thus you can implement load balancing but also all the clustering features of SafeKit including an easy administration of the cluster through the SafeKit web console

Uniform high availability solution  Uniform high availability solution

Like  SafeKit imlements a farm cluster with load balancing and failover. But it implements also a mirror cluster with replication and failover. Thus a N-tiers architecture can be made highly available and load balanced with the same solution on Windows and Linux (same installation, configuration, administration with the SafeKit console or with the command line interface). This is unique on the market

Dislike  This is not the case with an architecture mixing different technologies for load balancing, replication and failover

Evidian SafeKit mirror cluster with real-time file replication and failover

All clustering features  All clustering features

Like  A SafeKit cluster runs on Windows and Linux without the need for expensive shared or replicated disk bays

Like  SafeKit includes all clustering features: synchronous real-time file replication, monitoring of server/network/software failures, automatic application restart, virtual IP address switched in case of failure to reroute clients

Dislike  This is not the case with replication-only solutions like replication at the database level which implements only replication

Like   The cluster configuration is very simple and made by means of application modules. There is no domain controller or active directory to configure as with Microsoft cluster

Like  SafeKit implements quick application restart in case of failure: around 1 mn or less (see RTO/RPO here)

Dislike  Quick application restart is not ensured with full virtual machines replication. In case of hypervisor failure, a full VM must be rebooted on a new hypervisor with a recovery time depending on the OS reboot as with VMware HA or Hyper-V cluster

Synchronous replication  Synchronous replication

Like  The real-time replication is synchronous with no data loss on failure

Dislike  This is not the case with asynchronous replication

Fully automated failback procedure  Automatic failback

Like  After a failure when a server reboots, the replication failback procedure is fully automatic and the failed server reintegrates the cluster without stopping the application on the only remaining server

Dislike  This is not the case with most replication solutions particularly with replication at the database level. Manual operations are required for resynchronizing a failed server. The application may even be stopped on the only remaining server during the resynchonization of the failed server

Replication of any type of data 

Like  The replication is working for databases but also for any files which shall be replicated

Dislike  This not the case for replication at the database level

File replication vs disk replication  File replication vs disk replication

Like  The replication is based on file directories that can be located anywhere (even in the system disk)

Disike  This is not the case with disk replication where special application configuration must be made to put the application data in a special disk

File replication vs shared disk  File replication vs shared disk

Like  The servers can be put in two remote sites

Dislike  This is not the case with shared disk solutions

Remote sites and virtual IP address  Remote sites

Like  All SafeKit clustering features are working for 2 servers in remote sites. Performances of replication depends on the interconnect latency for real-time synchronous replication and on the bandwidth for resynchronizing data on a failed server

Like  If both servers are connected to the same IP network through an extended LAN between two remote sites, the virtual IP address of SafeKit is working with rerouting at level 2

Like  If both servers are connected to two different IP networks between two remote sites, the virtual IP address can be configured at the level of a load balancer. SafeKit offers a health check: the load balancer is configured with a URL managed by SafeKit which returns OK on the primary server and NOT FOUND else. This solution is implemented for SafeKit in the Cloud but it can be also implemented with a load balancer on premise

Quorum  Quorum

Like  With remote sites, the solution works with only 2 servers and for the quorum (network isolation), a simple split brain checker to a router is offered to support a single execution

Like  This is not the case for most clustering solutions where a 3rd server is required for the quorum

Active/active cluster  Active active mirror cluster

Like  The secondary server is not dedicated to the restart of the primary server. The cluster can be active-active by running 2 different mirror modules

Dislike  This is not the case with a fault-tolerant system where the secondary is dedicated to the execution of the same application synchronized at the instruction level

Uniform high availability solution  Uniform high availability solution

Like  SafeKit implements a mirror cluster with replication and failover. But it imlements also a farm cluster with load balancing and failover. Thus a N-tiers architecture can be made highly available and load balanced with the same solution on Windows and Linux (same installation, configuration, administration with the SafeKit console or with the command line interface). This is unique on the market

Dislike  This is not the case with an architecture mixing different technologies for load balancing, replication and failover

High availability architectures comparison

Feature

SafeKit cluster

Other clusters

Software clustering vs hardware clustering  A software cluster with SafeKit installed on two servers

Like  A simple software cluster with the SafeKit package just installed on two servers		 Hardware clustering with external shared storage Network load balancers or dedicated proxy servers



Dislike  Complex hardware clustering with external storage or network load balancers
Shared nothing vs a shared disk cluster  SafeKit shared-nothing cluster: easy to deploy even in remote sites

Like  SafeKit is a shared-nothing cluster: easy to deploy even in remote sites		 Shared disk cluster: complex to deploy

Dislike  A shared disk cluster is complex to deploy
Application High Availability vs Full Virtual Machine High Availability 

Like  Application HA supports hardware failure and software failure with a quick recovery time (RTO around 1 mn or less).
Smooth upgrade of application and OS possible server by server (version N and N+1 can coexist)		 Virtual machines high availability supports only hardware failure with an recovery time depending on the OS reboot

Dislike  Full virtual machines HA supports only hardware failure with a VM reboot and a recovery time depending on the OS reboot.
Smooth upgrade not possible
High availability vs fault tolerance SafeKit high availability vs fault-tolerance

Like  No dedicated server with SafeKit. Each server can be the failover server of the other one.
Software failure with restart in another OS environment.
Smooth upgrade of application and OS possible server by server (version N and N+1 can coexist)		 Fault tolerance system

Dislike  Secondary server dedicated to the execution of the same application synchronized at the instruction level.
Software exception on both servers at the same time.
Smooth upgrade not possible
Synchronous replication vs asynchronous replication 

Like  SafeKit implements real-time synchronous replication with no data loss in case of failure		 Asynchronous replication with data loss on failure

Dislike  With asynchronous replication, there is data loss on failure
Byte-level file replication vs block-level disk replication  SafeKit cluster with byte-level file replication: simply replicates directories even in the system disk

Like  SafeKit implements real-time byte-level file replication and is simply configured with application directories to replicate even in the system disk		 Cluster with block-level disk replication: complex and require to put application data in a special disk

Dislike  Block-level disk replication is complex to configure and requires to put application data in a special disk
Heartbeat, failover and quorum to avoid 2 master nodes  Simple quorum in a SafeKit cluster with a split brain checker configured on a router

Like  To avoid 2 masters, SafeKit proposes a simple split brain checker configured on a router		 Complex quorum in other clusters: third machine, special quorum disk, remote hardware reset

Dislike  To avoid 2 masters, other clusters require a complex configuration with a third machine, a special quorum disk, a special interconnect
Virtual IP address
primary/secondary, network load balancing, failover  		No special network configuration in a SafeKit cluster

Like  No dedicated proxy servers and no special network configuration are required in a SafeKit cluster for virtual IP addresses		 Special network configuration in other clusters

Dislike  Special network configuration is required in other clusters for virtual IP addresses. Note that SafeKit offers a health check adapted to load balancers

SafeKit Modules for Plug&Play High Availability Solutions

SafeKit Modules for Plug&Play High Availability Solutions

Network load balancing and failover: click on the blue buttons

Farm modules

Windows

Linux

New application
IIS-
Apache
Amazon AWS farm
Microsoft Azure farm
Google GCP farm
Cloud generic farm

Real-time file replication and failover: click on the blue buttons

Mirror modules

Windows

Linux

New application
Microsoft SQL Server-
Oracle
MySQL
PostgreSQL
Firebird
Hyper-V-
KVM-
Docker-
Elasticsearch-
Milestone XProtect-
Genetec SQL Server-
Hanwha Wisenet SSM-
Nedap AEOS-
Amazon AWS mirror
Microsoft Azure mirror
Google GCP mirror
Cloud generic mirror

Demonstrations of SafeKit High Availability Software

SafeKit Webinar

This webinar presents in 10 minutes Evidian SafeKit.

In this webinar, you will understand:

  • mirror and farm clusters
  • cost savings against hardware clustering solutions
  • best use cases
  • the integration process for a new application

Microsoft SQL Server Cluster

This video shows a mirror module configuration with synchronous real-time replication and failover.

The file replication and the failover are configured for Microsoft SQL Server but it works in the same manner for other databases.

Free trial here

Apache Cluster

This video shows a farm module configuration with load balancing and failover.

The load balancing and the failover are configured for Apache but it works in the same manner for other web services.

Free trial here

Hyper-V Cluster

This video shows a Hyper-V cluster with full replications of virtual machines.

Virtual machines can run on both Hyper-V servers and they are restarted in case of failure.

Free trial here