Summary
The article describes how to set up MachPanel in High Availability / Load Balanced mode.
Applies To
This article applies to all build versions of MachPanel.
MachPanel Installation for Control Server & Load Balanced Deployment
Below is the link for MachPanel Control Server Installation:
https://kb.machsol.com/Knowledgebase/50261/-MachPanel-Control-Server-Installation
Load Balanced Deployment of MachPanel Server:
https://kb.machsol.com/Knowledgebase/53429/Load-Balanced-Deployment-of-MachPanel
Details:
MachPanel offers complete automation whether you have a standalone, highly available or multi-datacenter deployment.
There are two aspects to achieving a high availability setup.
- Setting up high availability for MSSQL database.
- Setting up high availability for MachPanel Web Portal.
1 – Setting up high availability for MSSQL Database:
You can set up MSSQL Server in any type of HA mode (Always-On, Clustering, Mirror etc.) over 2 or more servers. This part is the customer's responsibility, as you need to set up the appropriate infrastructure for MSSQL to be deployed in High Availability Mode.
The MSSQL server must be installed with mixed mode security and with the collation specified below, along with the management tools (MSSQL Management Studio). After this, just provide us details like the SQL Cluster Name, the Server Admin name (if it is other than SA) and its password, so that they can be specified in the MachPanel installer and it can create the MachPanel database on it.
Database Requirements:
It is best to have MSSQL 2022, but older versions such as MSSQL 2019 and 2017 will also work. It MUST be installed by selecting English as the language and with the details/requirements below.
MSSQL Server Requirements:
- Security Mode: Mixed Mode (allows both Windows and SQL Authentication)
- SQL Collation: SQL_Latin1_General_CP1_CI_AS
- Lastly, Install SQL Server Management Studio 18
NOTE: The SQL Server Collation MUST be SQL_Latin1_General_CP1_CI_AS for ANY version of SQL Server. You will have to change this later on your own if it is not set up properly at the start. It is also necessary to have SQL in ENU for any version in the case of a Typical installation.
https://kb.machsol.com/Knowledgebase/55737/Installation-Guide-for-SQL-Server-2019-
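The requirements above (collation, mixed mode, supported version) can be confirmed before the installer is run. This is an added example, not MachSol code; it assumes Windows PowerShell 5.1, a Windows login that is allowed to connect, and `DB01` as a sample instance name.

```powershell
# Added example (not MachSol code): check the SQL Server prerequisites listed above.
# Assumptions: Windows PowerShell 5.1, a Windows login allowed to connect,
# and 'DB01' as a sample instance name.
param([string]$SqlServer = 'DB01')

$requiredCollation = 'SQL_Latin1_General_CP1_CI_AS'
$supportedMajor    = @{ '14' = '2017'; '15' = '2019'; '16' = '2022' }

# IsIntegratedSecurityOnly = 0 means Mixed Mode, 1 means Windows authentication only.
$query = @'
SELECT CAST(SERVERPROPERTY('Collation') AS nvarchar(128))          AS Collation,
       CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)     AS WindowsAuthOnly,
       CAST(SERVERPROPERTY('ProductMajorVersion') AS nvarchar(16)) AS MajorVersion;
'@

$connString = "Server=$SqlServer;Database=master;Integrated Security=True"
$conn = New-Object System.Data.SqlClient.SqlConnection $connString
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $query
    $reader = $cmd.ExecuteReader()
    [void]$reader.Read()
    $collation   = [string]$reader['Collation']
    $windowsOnly = [int]$reader['WindowsAuthOnly']
    $major       = [string]$reader['MajorVersion']
    $reader.Close()
}
finally {
    $conn.Dispose()
}

$authMode = if ($windowsOnly -eq 0) { 'Mixed Mode' } else { 'Windows only' }
$checks = @(
    [pscustomobject]@{ Check = 'Collation'; Value = $collation
                       Pass  = ($collation -eq $requiredCollation) }
    [pscustomobject]@{ Check = 'Security mode'; Value = $authMode
                       Pass  = ($windowsOnly -eq 0) }
    [pscustomobject]@{ Check = 'Major version'; Value = $major
                       Pass  = $supportedMajor.ContainsKey($major) }
)

$checks | Format-Table -AutoSize
if ($checks.Pass -contains $false) { exit 1 }   # non-zero exit when any prerequisite fails
```

Run it against every node of the HA set, since collation and authentication mode are set per instance.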
2 – Setting up high availability of MachPanel Web Portal:
You can simply set up 2 or more Windows Server machines with identical specifications and hardware, then provide access to the MachSol Support Team and our team will do the rest. We will deploy the panel in Primary Mode on one of them, and on the 2nd, 3rd and so on, we will set up the panel in Secondary Mode.
On the network load balancer, you need to configure your desired load balancing mode, set up a URL that can route to any one of the MachPanel Web Portal servers, and share the information with us. If the panel needs to be accessed over SSL, provide the SSL .PFX file with its password so we can install the SSL for you on the control panel.
MachPanel Portal System Requirements:
Number of MachPanel Web Portal machines = Minimum 2 (Both machines will serve as the MachPanel web interface servers).
Below is the logical diagram displaying how MachPanel Web Portal will communicate with others in High Availability mode.
Network Load Balancer Rules:
Below is a brief configuration example for the load balancer:
Details:
The recommended approach is to monitor the availability of the MachPanel Web Portal machines using port 443.
URL Example: https://machpanel.yourdomain.com/auth/loging.aspx
Below are two possible scenarios that will help in applying the load balancer network rules.
Network Load Balanced Rule
- Scenario 1 (Sticky Session Enabled): If we are using sticky sessions, we can skip the P2P setup (LB Setup for MachPanel) and continue using in-process sessions (use the MachPanel servers as standalone servers). If a server goes down, the user will get output from the 2nd server but will have to log in again.
- Scenario 2 (Sticky Session Disabled): If we are NOT using sticky sessions, we have to perform the LB / P2P setup (LB Setup for MachPanel). If a server goes down, the user will get output from the 2nd server and does not have to log in again, because sessions will be maintained via the LB Setup.

Firewall Ports to Open
Scenario 1: Sticky Session Enabled
- Service Protocol: TCP / HTTPS
- Service Port: 443
- Customer Facing Port: 443
- Customer Facing Protocol: HTTPS
Load balancing algorithm:
- Requires Persistency: Yes (Sticky Session Enabled)
- Require SSL: Yes
Scenario 2: Sticky Session Disabled
- Service Protocol: TCP / HTTPS
- Service Port: 443
- Customer Facing Port: 443
- Customer Facing Protocol: HTTPS
Load balancing algorithm:
- Requires Persistency: No (Sticky Session Disabled)
- Require SSL: Yes

Between MachPanel Web Portal Servers
Scenario 1: Sticky Session Enabled
- Service Protocol: TCP
- Service Ports: 80 or 443, 7860
- Direction: Both Inbound and Outbound.
Scenario 2: Sticky Session Disabled
- Service Protocol: TCP
- Service Ports: 80 or 443, 7860, (42424, 42425, 42426, and so on.)
- Direction: Both Inbound and Outbound.

Between MachPanel Web Portal and Database Servers
Scenario 1 and Scenario 2 (same rule for both):
- Service Protocol: TCP
- Service Ports: 1433, 1434
- Direction: Both Inbound and Outbound.

Between MachPanel Web Portal and MachPanel Remote Servers (Servers to be managed by MachPanel like Exchange Servers)
Scenario 1 and Scenario 2 (same rule for both):
- Service Protocol: TCP
- Service Ports: 7860
- Direction: Both Inbound and Outbound.
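The firewall rules above can be checked from each MachPanel Web Portal server once they are in place. This is an added example, not MachSol code; `App01`/`App02` and `DB01`/`DB02` are the sample names used in the testing section, `EXCH01` is a hypothetical remote server, and the portal is assumed to be bound to 443 rather than 80.

```powershell
# Added example (not MachSol code): TCP reachability check for the port matrix above.
# Run on each MachPanel Web Portal server. App01/App02 and DB01/DB02 are the sample
# names from the testing section; 'EXCH01' is a hypothetical remote server.
param([switch]$StickySessionDisabled)   # Scenario 2: also test the first extra port

$peers     = @('App01', 'App02') | Where-Object { $_ -ne $env:COMPUTERNAME }
$peerPorts = @(443, 7860)               # assumption: portal bound to 443, not 80
if ($StickySessionDisabled) { $peerPorts += 42424 }

$targets = @(
    @{ Role = 'Web Portal peer'; Hosts = $peers;            Ports = $peerPorts }
    @{ Role = 'Database';        Hosts = @('DB01', 'DB02'); Ports = @(1433, 1434) }
    @{ Role = 'Remote server';   Hosts = @('EXCH01');       Ports = @(7860) }
)

$results = foreach ($t in $targets) {
    foreach ($name in $t.Hosts) {
        foreach ($port in $t.Ports) {
            $r = Test-NetConnection -ComputerName $name -Port $port `
                                    -WarningAction SilentlyContinue
            [pscustomobject]@{
                Role = $t.Role; Target = $name; Port = $port; Open = $r.TcpTestSucceeded
            }
        }
    }
}

$results | Format-Table -AutoSize
$blocked = @($results | Where-Object { -not $_.Open })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) required path(s) not reachable from $env:COMPUTERNAME"
    exit 1
}
```

A failed row means either the path is blocked or nothing is listening on that port yet, so rerun the check after the panel and SQL services are installed.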
Testing Mechanism:
Suppose we have 2 MSSQL Servers (DB01 and DB02, and the HA Listener is “MachPanel_DB_HA_Listener”) and 2 MachPanel Web Portal Servers (App01 and App02):
Testing MSSQL High Availability:
Fail over the MachPanel_Db database between servers and see if MachPanel keeps working using the Always On Listener Address specified during setup.
Testing MachPanel Web Portal High Availability:
- Open MachPanel Web Portal from a machine outside of the Load Balancer using the URL configured to point to both load balanced web portal servers.
- Shut down the App01 machine and access the panel. It should keep working from the App02 machine.
- Then shut down the App02 machine and access the panel. It should keep working from the App01 machine.
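To put numbers on the web portal test, the load balanced URL can be polled from a machine outside the load balancer while App01 and App02 are shut down in turn. This is an added example, not MachSol code; the URL is the placeholder from the load balancer section, and the duration and interval defaults are assumptions.

```powershell
# Added example (not MachSol code): poll the load balanced URL during the failover
# test and report the longest run of failed requests.
# Assumptions: placeholder URL from the article, Windows PowerShell 5.1.
param(
    [string]$Url = 'https://machpanel.yourdomain.com/auth/loging.aspx',
    [int]$DurationSeconds = 300,
    [int]$IntervalSeconds = 2
)

$deadline = (Get-Date).AddSeconds($DurationSeconds)
$results  = New-Object System.Collections.Generic.List[object]

while ((Get-Date) -lt $deadline) {
    $ok = $false
    try {
        $resp   = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 5
        $ok     = ($resp.StatusCode -eq 200)
        $detail = "HTTP $($resp.StatusCode)"
    }
    catch {
        # Timeouts, TLS errors and non-success status codes all land here.
        $detail = $_.Exception.Message
    }
    $sample = [pscustomobject]@{ Time = (Get-Date); Ok = $ok; Detail = $detail }
    $results.Add($sample)
    if (-not $ok) { Write-Host ("{0:HH:mm:ss}  FAIL  {1}" -f $sample.Time, $detail) }
    Start-Sleep -Seconds $IntervalSeconds
}

# Longest run of consecutive failures approximates the outage seen by a user.
$longest = 0
$current = 0
foreach ($s in $results) {
    if ($s.Ok) { $current = 0 }
    else {
        $current++
        if ($current -gt $longest) { $longest = $current }
    }
}

$failed = @($results | Where-Object { -not $_.Ok }).Count
"Samples: $($results.Count)  Failed: $failed"
"Longest outage: about $($longest * $IntervalSeconds) seconds"
```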