I will demonstrate in this article how to configure Network Load Balancing with Internet Security & Acceleration Server 2006. This can be done once you have correctly installed and configured the core ISA & CS services on relevant servers; articles related to these have already been published.

In the Internal network "LAN" Properties; notice that Network Load Balancing is not enabled yet on this network adapter.
Note: Do not enable Network Load Balancing (NLB) in this dialog box. You enable and configure NLB from the ISA Server console. ISA Server manages the configuration of NLB, and overrides any manual NLB changes you may make outside of ISA Server.





Something to also notice is under ISA monitoring > Services tab. The NLB services are not listed.

Some Key pointers:

The intra-array network is used for communication between array members and should not be load balanced.

Network load balancing can be configured using ISA Server in NLB integrated mode, or through Windows Server 2003.

Integrated NLB: With feature enhancements of ISA integration.

Non-integrated NLB: The standard way of configuring NLB using Windows 2003 tools.

In this article we will only cover "Integrated NLB". However, if you choose to configure NLB without ISA Server NLB integration, none of the specific benefits of ISA Server load balancing will be available.

In some scenarios, such as NLB publishing scenarios, you might want to have multiple virtual IP addresses.

The dedicated IP address and the virtual IP address must belong to the same subnet and have the same subnet mask.

CARP and NLB can be enabled on the same network; however, this should only be done in organizations where browsers use automatic detection or a configuration script.

End User Experience:
Existing connections to a failing host are lost, but the services remain available. In most cases, client software automatically retries the failed connections, and the clients experience a delay of only a few seconds in receiving a response.
Note: You can either use any monitoring tools available in the market to test this real-time OR use MS NLB tools. I happen to use "Servers Alive".

Let me show you how this can be achieved.

 

Step 1: Open ISA Server Management console.

Step 2: In the ISA Server console, > Arrays > "EntArray" > Configuration > select Networks.

Step 3: In the right pane, select the Networks tab.



Step 4: In the task pane, on the Tasks tab, click Enable Network Load Balancing Integration.



Step 5: In the Network Load Balancing Wizard dialog box, click Next.



Step 6: On the Select Load Balanced Networks page > select Internal > click Set Virtual IP.

Note: If possible in this demo I will also show you how to enable NLB on the External network.

Step 7: In the Set Virtual IP Addresses dialog box, complete the following information:
Primary VIP: xxx.xxx.xxx.xxx Subnet mask: xxx.xxx.xxx.xxx and then click OK.

Note: The Network Load Balancing virtual IP (VIP) address is used / shared on both array members. The address must be in the same IP subnet as the dedicated IP addresses on ISA01 and ISA02 as discussed in [Part 1].

Step 9: On the Completing the Network Load Balancing Integration Wizard page, click Finish.







Ensure the servers are in sync and are accessible in the ISA MMC as indicated below in the screen shot. Please be patient as applying this change will take approx 5 / 10 minutes on all Array members this could take even longer depending on the performance of your hardware.




Lets again take a quick look at differences of the screen shots we had a look at the beginning of this article.

"Internal network" "LAN" Properties

ISA monitoring > Services tab.

In some circumstances any existing publishing rules might need to be removed and re-created if they don't work.

That's all it takes to enable NLB.