Securing NLB Solutions
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The fact that your solution requires Network Load Balancing indicates that the applications and services are critical to the operations of your organization. The stability and integrity of your solution depend on how secure you make the resources that are used by the applications services. Besides protecting confidential data, the security that you include in your design ensures the stability of your applications and services. Use the features of Windows Server 2003 to protect the resources and applications running on cluster hosts. Plan security for your network load balancing solution immediately after determining the core specifications for your Network Load Balancing design, as illustrated in Figure 8.11.
Figure 8.11 Securing Network Load Balancing Solutions
For a Word document to assist you in documenting your security settings, see "NLB Cluster Host Worksheet" (Sdcnlb_1.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "NLB Cluster Host Worksheet" on the Web at http://www.microsoft.com/reskit).
One of the most important methods of protecting resources and applications on Network Load Balancing clusters is to ensure that only authorized users can remotely manage your clusters. To remotely manage clusters, users must be members of the local Administrators group on every cluster host in the cluster.
Users who are members of the local Administrators group can administer Network Load Balancing locally, regardless of other restrictions.
Ensure that only authorized users can remotely manage clusters by following these practices:
Specify that remote management by using Nlb.exe be disabled on all cluster hosts.
By default, remote management through Nlb.exe is disabled on clusters. Remote administration by using Nlb.exe is not recommended, because this method presents many security risks, including the possibility of data tampering, denial-of-service attacks, and information disclosure.
If you choose to enable remote control for Nlb.exe, restrict access by specifying a strong remote-control password. Also, include a firewall to protect the Network Load Balancing UDP ports (the ports that receive remote control commands) by allowing access only to authorized client computers.
Specify that Network Load Balancing Manager be used for all administration.
Specify that administration be performed only from a secure, trusted computer that is within your organization’s private network or that is connected through a VPN remote access connection.
In addition to the security provided by restricting the administration of Network Load Balancing, you can further protect the applications, services, and confidential data on the cluster by using other Windows Server 2003 security features. These security features are specific to the applications and services running on the cluster. For more information about the security features provided by the applications and services running on the cluster, see the security content for the documents listed in "Additional Resources for Deploying Network Load Balancing" later in this chapter.