Security and Manageability
Updated: January 1, 2003
Applies To: Windows Server 2003 with SP1
Use Network Load Balancing Manager to configure NLB clusters. You can configure many Network Load Balancing options through either Network Load Balancing Manager or the Network Load Balancing Properties dialog box accessed through Network Connections. However, Network Load Balancing Manager is the preferred method. Using both Network Load Balancing Manager and Network Connections together to change Network Load Balancing properties can lead to unpredictable results. Only Windows Server 2003 NLB clusters can be configured by NLB manager. You can however manage clusters that contain both Windows Server 2003 and Windows 2000 or NT 4.0 servers.
Ensure that applications that are load balanced are properly secured. The NLB security domain does not extend to applications. As such NLB will be totally unaware if security at the applications level is compromised.
Use two or more network adapters in each cluster host if you would like to separate management functions from regular operations. Two network adapters, is not however a default requirement.
Command line tool for managing NLB is "nlb.exe". NLB.exe exposes a mechanism for setting up NLB configuration parameters thru the command line. There are 2 additional configuration points not exposed but can be useful for monitoring NLB state. They are queryport and params Nlb.exe queryport retrieves the state of a given port rule using the same syntax as the enable/disable/drain command line options... the information returned includes the state of the port rule, enabled, disabled or draining if the port rule is found or an indication that the port rule was not found... if found, it also returns a count of packets accepted and dropped on that port rule. Nlb.exe - params retrieves the NLB configuration just the same as "nlb display", but rather than retrieving it from the registry, it queries it directly from the kernel-mode driver - this is the CURRENT state of NLB (the registry shows what the NEXT state of NLB would be if a reload or some other operation causing the driver to read the registry was performed - the registry MAY or MAY NOT be the current state of NLB)
Enabling remote control has security implications and the user must ensure that the NLB cluster is secure (behind a firewall) if remote control is enables. The remote control mechanism uses the UDP protocol and is assigned port 2504. Remote control datagrams are sent to the clusters primary IP address. Since the Network Load Balancing driver on each cluster host handles them, these datagrams must be routed to the cluster subnet (instead of to a back-end subnet to which the cluster is attached). When remote control commands are issued from within the cluster, they are broadcast on the local subnet. This ensures that all cluster hosts receive them even if the cluster runs in unicast mode. As such the subnet the NLB clusters are hosted on should be secure. If remote control is enabled users can use nlb.exe to remotely manage their clusters.