ONTAP Discussions
Dear Community Team,
I have a question about the domain controller discovery process when Active Directory load balancers are present in the environment, and how it is going to behave in this scenario.
In one of the customer environments, Active Directory load balancers are used and the traffic is redirected to the correct region's domain controllers. In this case, the load balancers' IP addresses are added as preferred DCs. The added load balancer IPs are not domain controllers, so the CIFS discovered servers will show as unavailable, and as per the theory of domain controller discovery, the available DCs will be selected based on the query process/procedure. In this scenario, does adding the load balancer IPs to prefdc redirect the requests to the correct domain controller? From my knowledge, I don't think so, as it won't find the correct SRV record because the load balancers are not of that type (correct SRV records).
What is the ideal method to use if we have load balancers (Active Directory)?
Regards,
Krishgudd
You don't really win anything by using load balancers with operating systems that keep track of which domain controllers are in their location and available. ONTAP is smart enough to figure all of this out. The number of authentication lookups isn't decreased with the use of a load balancer. They might be distributed a bit differently, but mostly load balancers in front of DCs are used for a smoother failover of authentication for applications that don't track DC availability and need other mechanisms to make up for their simplicity.
I understand the desire to use them for applications that are not complex enough to do this, and this is perhaps where the only real advantage comes from, and only for these applications.
I would suggest you argue against putting any such solution between NetApp NAS systems and actual domain controllers. I sort of doubt the remaining Windows systems are using these load balancers. Simply argue that the NetApp NAS system behaves like a normal Windows server with regard to communication with AD.
Interesting question, and I agree with your comments that it will not work (wondering how SPN translation could go haywire). ONTAP automatically discovers domain controllers through DNS. Optionally, you can add one or more domain controllers to the list of preferred domain controllers for a specific domain; that's it. I don't know if any other non-Microsoft platform can do that without an additional layer of complexity.
ONTAP has DNS load balancing, but that is different. Domain Name System (DNS) load balancing is a method by which administrators can be sure that clients accessing SVM data LIFs are accessing them in a manner that does not overload individual LIFs.
How to set up DNS load balancing in ONTAP
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_set_up_DNS_load_balancing_in_ONTAP
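To make the point in the thread concrete, here is an added illustration (not NetApp code and not ONTAP's actual implementation) of SRV-based domain controller discovery as Windows clients and, per the answer above, ONTAP perform it: the site-specific `_ldap._tcp.<site>._sites.dc._msdcs.<domain>` name is tried first, then the domain-wide name. The zone data, the domain `corp.example`, the sites `EU`/`US` and the load balancer host `adlb.corp.example` are all constructed for the example. The last function shows why a load balancer VIP in the preferred-DC list does not steer discovery: no SRV record in the domain resolves to it, so the entry is not a domain controller as far as the directory is concerned.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class SrvRecord:
    """One DNS SRV answer (RFC 2782 fields)."""
    priority: int
    weight: int
    port: int
    target: str


# Constructed, hypothetical zone for the AD domain "corp.example" with two sites.
# "adlb.corp.example" stands in for the load balancer VIP: it has an A record
# but no SRV record, because it is not a domain controller.
SRV_ZONE: Dict[str, List[SrvRecord]] = {
    "_ldap._tcp.EU._sites.dc._msdcs.corp.example": [
        SrvRecord(0, 100, 389, "eu-dc1.corp.example"),
        SrvRecord(0, 100, 389, "eu-dc2.corp.example"),
    ],
    "_ldap._tcp.US._sites.dc._msdcs.corp.example": [
        SrvRecord(0, 100, 389, "us-dc1.corp.example"),
    ],
    "_ldap._tcp.dc._msdcs.corp.example": [
        SrvRecord(0, 100, 389, "eu-dc1.corp.example"),
        SrvRecord(0, 100, 389, "eu-dc2.corp.example"),
        SrvRecord(10, 100, 389, "us-dc1.corp.example"),
    ],
}
A_ZONE: Dict[str, str] = {
    "eu-dc1.corp.example": "10.1.0.11",
    "eu-dc2.corp.example": "10.1.0.12",
    "us-dc1.corp.example": "10.2.0.11",
    "adlb.corp.example": "10.9.0.1",   # load balancer VIP, never an SRV target
}


def srv_lookup(name: str) -> List[SrvRecord]:
    """Stand-in for a DNS SRV query: lowest priority first, heavier weight first."""
    return sorted(SRV_ZONE.get(name, []), key=lambda r: (r.priority, -r.weight))


def discover_dcs(domain: str, site: Optional[str] = None) -> List[Tuple[str, str]]:
    """Site-aware discovery: try the site-specific SRV name, then the domain-wide one.
    Returns (hostname, ip) pairs in the order a client would try them."""
    candidates = []
    if site:
        candidates.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    candidates.append(f"_ldap._tcp.dc._msdcs.{domain}")
    for name in candidates:
        records = srv_lookup(name)
        if records:
            return [(r.target, A_ZONE[r.target]) for r in records if r.target in A_ZONE]
    return []


def advertised_dc_ips(domain: str) -> Set[str]:
    """Every IP that some SRV record under dc._msdcs.<domain> actually points at."""
    ips: Set[str] = set()
    for name, records in SRV_ZONE.items():
        if name.endswith(f".dc._msdcs.{domain}"):
            for r in records:
                if r.target in A_ZONE:
                    ips.add(A_ZONE[r.target])
    return ips


def check_preferred_dcs(domain: str, preferred: List[str]) -> Dict[str, str]:
    """Flag preferred-DC entries that no SRV record advertises (e.g. a load
    balancer VIP). Such an entry cannot redirect discovery; it is simply not a
    domain controller from the directory's point of view and shows as unavailable."""
    advertised = advertised_dc_ips(domain)
    return {ip: ("dc" if ip in advertised else "not-advertised-by-srv") for ip in preferred}


if __name__ == "__main__":
    print(discover_dcs("corp.example", site="EU"))
    print(check_preferred_dcs("corp.example", ["10.9.0.1", "10.1.0.11"]))
```

Run against a real domain you would replace `srv_lookup` and `A_ZONE` with actual DNS queries (for example `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>`), and compare the result with `vserver cifs domain discovered-servers show` on the SVM.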