Configuring highly available FTP server on existing Windows Server 2008 failover cluster – without FTP dedicated storage
More than once I have had to set up a “light” FTP server after the failover cluster had been deployed and additional storage for FTP had not been planned. Additional servers for a highly available FTP were not an option either. Microsoft has an article that describes how to configure a highly available FTP site in a Windows Server 2008 failover cluster. The problem with that solution is that it requires additional available storage for your FTP site and, simply put, it’s a bit complicated. I’ll show you how to quickly set up a highly available FTP server on an existing Windows Server 2008 failover cluster without FTP-dedicated storage.
Please be careful not to impact the performance of your database or any other clustered application by setting up a high-volume FTP server on an existing shared disk. High-volume FTP usually works with a lot of files, which can create a substantial load on your storage.
- Create domain user for FTP
- Create FTP root folder, user root folder and assign permissions
- Setup FTP IP address
- Create and configure FTP on each cluster node
- Make FTP server highly available
Make sure that IIS 7.0 is installed on each cluster node.
If you are using Windows Server 2008, do not include the “FTP Server” role; instead, download and install FTP 7.5 from one of the following locations:
If you are using Windows Server 2008 R2, include the “FTP Server” role when installing IIS 7.0.
Create domain user for FTP:
In ADUC, create a user for FTP and assign it the least possible permissions on each cluster node.
Create FTP root folder, user root folder and assign permissions:
Make sure you are logged in to the cluster node that owns the cluster group with the storage where you will place your FTP root folder. Every FTP server needs a root folder, and in our case we will need a subfolder structure for isolating users. The FTP server’s engine logs in a user according to the username. For domain users, the home folder will be: %FTPRoot%\%UserDomain%\%UserName%
Example: We created a domain user ftpuser in the MYDOMAIN domain, and the full path to its FTP home folder will be %FTPRoot%\MYDOMAIN\ftpuser.
After creating the folders, set the following properties for each user’s folder:
- On the Security tab, under Advanced, disable “Include inheritable permissions from this object’s parent”.
- Remove “Users” from “Group or user names” and add the FTP user with appropriate access rights (this way you will ensure FTP user isolation).
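The folder and permission steps above can also be scripted. The following PowerShell is an added example, not part of the original post; the root path `F:\FTPRoot` and the `Modify` right are assumptions, and `MYDOMAIN\ftpuser` is the example account from the text. Run it elevated on the node that currently owns the shared disk.

```powershell
# Assumed values (not from the original post): adjust to your environment.
$FtpRoot = 'F:\FTPRoot'   # hypothetical FTP root on the shared cluster disk
$Domain  = 'MYDOMAIN'     # example domain from the text
$User    = 'ftpuser'      # example FTP account from the text
$Rights  = 'Modify'       # assumption; use 'ReadAndExecute' for download-only accounts

# Home folder layout expected for domain users: %FTPRoot%\%UserDomain%\%UserName%
$userHome = Join-Path (Join-Path $FtpRoot $Domain) $User
New-Item -ItemType Directory -Path $userHome -Force | Out-Null

# Same effect as clearing "Include inheritable permissions from this object's parent"
# and choosing to copy: protect the ACL, keep the inherited entries as explicit ones.
$acl = Get-Acl -Path $userHome
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $userHome -AclObject $acl

# Re-read so the copied entries are visible as explicit rules, then drop BUILTIN\Users.
$acl = Get-Acl -Path $userHome
$usersSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$acl.PurgeAccessRules($usersSid)

# Grant the FTP account rights on this folder, its subfolders and files.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
    "$Domain\$User", $Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $userHome -AclObject $acl

# Check the result: no broad group should remain, and nothing should be inherited.
$broad = 'BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users'
$final = (Get-Acl -Path $userHome).Access
$leftover = $final | Where-Object {
    ($broad -contains $_.IdentityReference.Value) -or $_.IsInherited
}
if ($leftover) {
    Write-Warning "Isolation is incomplete on ${userHome}:"
    $leftover | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    Write-Output "ACL on $userHome is isolated:"
}
$final | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

The final table should list only the FTP account plus the administrative entries copied from the parent (typically Administrators and SYSTEM); any other principal there can read or write that user's files.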
Setup FTP IP address:
One of the things that makes your FTP server highly available is a unique IP address that stays the same regardless of which cluster node serves the clients. To create a unique IP for the FTP server we have to create a Client Access Point in the cluster group that owns the shared disk with the FTP content. An access point is a name and associated IP address information that we will add as a resource to our cluster group. This IP address will “travel” with the cluster group and storage, making your FTP always accessible.
Create and configure FTP on each cluster node:
Open IIS Manager and follow these few basic steps to create a new FTP site.
Right-click on Sites, then Add FTP site.
Give your FTP site a name and enter the physical path – it should point to the FTP root folder previously created on the shared drive.
Binding and SSL settings:
Under Authorization you can add multiple users (delimited with semicolons), or you can add them later. Each user will be logged in to its own folder if you followed the naming convention explained earlier.
After creating the FTP site on the first node you need to configure FTP on the other cluster nodes. Using Appcmd.exe allows you to create the FTP site on the other nodes without needing to fail over the group. You need to fail over if you want to create the FTP site from IIS Manager, since it won’t see the shared storage on the other nodes. Of course, for proper testing you will need to fail over the group with the FTP storage and monitoring script to the other node.
To export the FTP site settings (change "TestFTP" to the name of your FTP site), run from a command prompt:

```
%windir%\system32\inetsrv\AppCmd.exe LIST SITE "TestFTP" /config /XML > TestFTP.xml
```

To import the settings on another node:

```
%windir%\system32\inetsrv\AppCmd.exe ADD SITE /IN < TestFTP.xml
```
Most things can be scripted, but if you have a two-node failover cluster, creating some things manually is faster (application pool, SSL certificates, bindings etc.). Please check that all the settings on the other cluster nodes match the active node. This can be done from IIS Manager once the FTP site is created.
Make FTP server highly available:
The last step in configuring a highly available FTP site is to set up the generic script resource that will be used to monitor the FTP service. Copy the following script to Windows\System32\inetsrv\Clusftp7.vbs and add it as a generic script resource in Failover Cluster Management.
```vbscript
'This script provides high availability for IIS FTP websites
'The script is applicable to:
' - Windows Server 2008: Microsoft FTP Service 7.5 for IIS 7.0 (available for download from microsoft.com)
' - Windows Server 2008 R2: FTP Service in the box
'More thorough and application-specific health monitoring logic can be added to the script if needed

Option Explicit

'Helper script functions

'Start the FTP service on this node
Function StartFTPSVC()
    Dim objWmiProvider
    Dim objService
    Dim strServiceState
    Dim response

    'Check to see if the service is running
    set objWmiProvider = GetObject("winmgmts:/root/cimv2")
    set objService = objWmiProvider.get("win32_service='ftpsvc'")
    strServiceState = objService.state

    If ucase(strServiceState) = "RUNNING" Then
        StartFTPSVC = True
    Else
        'If the service is not running, try to start it
        response = objService.StartService()

        'response = 0 or 10 indicates that the request to start was accepted
        If ( response <> 0 ) and ( response <> 10 ) Then
            StartFTPSVC = False
        Else
            StartFTPSVC = True
        End If
    End If
End Function

'Cluster resource entry points. More details here:
'http://msdn.microsoft.com/en-us/library/aa372846(VS.85).aspx

'Cluster resource Online entry point
'Make sure the FTP service is started
Function Online( )
    Dim bOnline

    'Make sure FTP service is started
    bOnline = StartFTPSVC()

    If bOnline <> True Then
        Resource.LogInformation "The resource failed to come online because ftpsvc could not be started."
        Online = False
        Exit Function
    End If

    Online = true
End Function

'Cluster resource offline entry point
'On offline, do nothing.
Function Offline( )
    Offline = true
End Function

'Cluster resource LooksAlive entry point
'Check for the state of the FTP service
Function LooksAlive( )
    Dim objWmiProvider
    Dim objService
    Dim strServiceState

    set objWmiProvider = GetObject("winmgmts:/root/cimv2")
    set objService = objWmiProvider.get("win32_service='ftpsvc'")
    strServiceState = objService.state

    if ucase(strServiceState) = "RUNNING" Then
        LooksAlive = True
    Else
        LooksAlive = False
    End If
End Function

'Cluster resource IsAlive entry point
'Do the same health checks as LooksAlive
'If a more thorough check than what we do in LooksAlive is required, it should be performed here
Function IsAlive()
    IsAlive = LooksAlive
End Function

'Cluster resource Open entry point
Function Open()
    Open = true
End Function

'Cluster resource Close entry point
Function Close()
    Close = true
End Function

'Cluster resource Terminate entry point
Function Terminate()
    Terminate = true
End Function
```