linux
Vladimir Kivva, 2017-05-17 07:04:53

How to properly organize ESXi fault tolerance?

Hello, I have 2 servers with ESXi 6.0: one is normal, the second is behind a gray network, but in front of it is a router where you can set up a VPN. The first server is at Hetzner, the second is in the basement. The second one is planned as a backup, to switch to in case of problems with the base. The services inside: a terminal server, MySQL and 1C with a file, the usual structure of a small business. What is the best way to organize fault tolerance if only one of the servers has a white address?
First, I would like to bring the servers into vSphere. At first it seemed that it would be necessary to forward heaps of ESXi ports, etc., but while writing this post I realized that the vSphere server itself can be put on the standby server, so we will save resources and can easily reach the reserve at the gray address (does the cluster need to communicate with white addresses in both directions?). If this fails, then I plan to rent a virtual machine on KVM from some Aihor for 200 rubles / month, raise an OpenVPN server, and set up a DMZ to the backup server through a tunnel, thus providing it with a supposedly white IP. Then, write in the iptables of this virtual machine the direction of RDP to the main server and comment it out if necessary. Actually, are there any smoother ways to solve the problem and bring everything into a divine form? I do not like that users in this case will definitely have to run through the tunnel. Or is it possible to write a rule by which the VPN virtual machine will redirect user packets without a tunnel to the main server, and in the event of an emergency wrap them to the backup one? All the same, an extra node in the chain is obtained. Again, you can order a redirect service at Hetzner itself, there was something like that, and turn it on in case of an emergency. Share your experience, please.


2 answer(s)
huwesu, 2017-05-17
@huwesu

And isn't it easier to call the provider and ask how much a white address costs?
Will they charge you 100 rubles a month for an additional white address, and will it work more stably and faster than through the "virtual machine on iHora"?
You don't want to solve the problem.
Most likely you will not have the problem of "transferring clients to another server", which is simply solved by at least two shortcuts on their desktops,
but a much bigger problem will be that if one server fails, you will not have CURRENT DATA on the second one.
That is, the servers need to be synchronized.
This is a problem, so a problem, given the volume of data and the narrowness of the channels and the unpredictability of decommissioning one of the servers.
And the gateway-switch between servers is nonsense in comparison with the main problem.

athacker, 2017-05-17
@athacker

White people usually do the opposite - they use their own capacities mainly, and other people's data centers as a reserve in case of a nuclear war. This is the first.
Second. You are going to replicate 1C over the WAN channel. How many users of 1C in total? 1, 10, 100?
Third. For replication, vMotion and other similar operations, vSphere requires delays of no more than N ms. Check if you can meet the network requirements at the proper level. Otherwise, it would not be necessary to build stretched clusters on guest technologies (MS SQL, for example, if the base is 1C in MS SQL).
Well, the 4th - it is not at all clear why a server in another country should be chosen for the reserve, and even sticking directly to the Internet.
