I strongly suggest using a tool designed for load-balancing purposes, such as haproxy. You may define backend checks and thus avoid sending requests to unavailable apps, with a great deal of flexibility.
Your solution is also not HA, as the load balancer is a SPOF (single point of failure). You may want to add another machine and use keepalived for failover.
HAproxy can run on any port that you want; you can even balance different kinds of traffic, not only HTTP, while configuring frontends (service balancing entry points) and backends (containers for service instances and balancing behavior). You can see an example here: http://www.tomcatexpert.com/blog/2010/07/12/trick-my-proxy-front-tomcat-haproxy-instead-apache
For the failover part, I would use keepalived. It checks that your active load balancer is available and fails over to the secondary machine if it is not, floating your virtual IP address.
You may check this link for an example: http://www.howtoforge.com/setting-up-a-high-availability-load-balancer-with-haproxy-keepalived-on-debian-lenny
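The two answers above describe the same building blocks: haproxy frontends and backends with health checks, and keepalived floating a virtual IP between two balancer machines. The configuration below is an added example to show how those pieces fit together; it is not taken from the thread or from either linked page. The addresses (192.0.2.10 as the VIP, 10.0.0.11/12 as the Tomcat hosts), the interface name eth0, the VRRP router id, the `/health` check path and the file paths are all assumptions for illustration.

```conf
# ---- /etc/haproxy/haproxy.cfg (identical on both balancer machines) ----
global
    log /dev/log local0
    maxconn 4096
    user haproxy
    group haproxy
    daemon

defaults
    log     global
    mode    http
    option  httplog
    option  redispatch        # if the chosen server dies mid-request, retry on another one
    retries 3
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Entry point for HTTP. 192.0.2.10 is the virtual IP that keepalived floats
# between the two balancers (assumed address).
frontend www
    bind 192.0.2.10:80
    default_backend tomcats

# Pool of Tomcat instances. "check" runs the httpchk probe against each server;
# a server that fails 3 probes in a row is taken out of rotation and put back
# after 2 successful ones, so clients never reach a dead app.
backend tomcats
    balance roundrobin
    option httpchk GET /health HTTP/1.0     # assumed health endpoint on the app
    cookie JSESSIONID prefix                # keep a client on the Tomcat that holds its session
    server tomcat1 10.0.0.11:8080 check inter 2s fall 3 rise 2 cookie t1
    server tomcat2 10.0.0.12:8080 check inter 2s fall 3 rise 2 cookie t2

# Non-HTTP traffic can share the same haproxy: plain TCP balancing of AJP.
frontend ajp
    bind 192.0.2.10:8009
    mode tcp
    default_backend tomcats_ajp

backend tomcats_ajp
    mode tcp
    balance leastconn
    server tomcat1 10.0.0.11:8009 check
    server tomcat2 10.0.0.12:8009 check

# Stats page, bound to localhost only, to see which servers the checks marked down.
listen stats
    bind 127.0.0.1:8404
    stats enable
    stats uri /

# ---- /etc/keepalived/keepalived.conf on the MASTER balancer ----
# The BACKUP machine uses the same file with "state BACKUP" and "priority 100".
vrrp_script chk_haproxy {
    script "killall -0 haproxy"   # exits 0 while an haproxy process exists
    interval 2
    weight 2                      # master loses its edge if haproxy dies, so the VIP moves
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0                # assumed interface name
    virtual_router_id 51          # must match on both nodes, unique per LAN
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass changeme        # VRRP PASS auth is weak; also filter IP protocol 112 on the LAN
    }
    virtual_ipaddress {
        192.0.2.10/24 dev eth0
    }
    track_script {
        chk_haproxy
    }
}
```

Two things trip people up with this layout. First, the BACKUP node's haproxy has to bind 192.0.2.10 before it owns that address, so either set `net.ipv4.ip_nonlocal_bind = 1` in sysctl on both nodes or bind `*:80` instead. Second, the `track_script` is what ties the two layers together: keepalived only watches the other keepalived, so without it a machine whose haproxy has crashed would happily keep the VIP.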
To do this properly, you need to have:
- Two separate instances in two datacenters (as you've already determined)
- Synchronisation between the two datacenters (as you've already determined)
- A way of re-directing clients from one to the other in the event of a failure
There are two common ways of doing this. One simple, one... not.
DNS
Round-Robin DNS isn't quite what you want, because chances are you want all requests to go to the primary DC, and the second DC is only used during downtime of the first.
What you can do though is set a very low TTL on your DNS (say, 30 seconds, or 5 minutes), which will mean that if your DC does go down, you just update your DNS and within 5 minutes or so, all of your clients will be pointing at your other DC.
This means that because your two DCs will have different IP layouts, you need to adjust for this in your setup of the datacenter.
BGP
Basically, if you're asking this question, then this is out of your reach. In short, your IP addresses stay the same, but they are "moved" from one datacenter to the other. This involves expensive routers, expensive IP ranges, and expensive subscriptions to your local registry for AS numbers and IP ranges.
Your BGP routers stop advertising your IP addresses at your primary datacenter, and start advertising them at your secondary datacenter. Then the internet routes around the offline datacenter and sends traffic to your new DC.
If you are virtualised with ESXi and vSphere, VMware have a pretty good product that we trialled once called VMware Site Recovery Manager, which basically does everything for you. It keeps your VM configs in sync and powers them up on the second site when the first site goes offline. It is big bucks though.
Best Answer
Most likely you can use Windows' built-in failover functionality. I'm not very familiar with it, but there are questions like: Windows Service automatic failover
But why do you want active/passive setup rather than two (or more) tomcats working simultaneously in a load balanced setup? IMO this is much better and possibly easier to configure.
Using Tomcat's session distribution, any server can crash at will and no visitor notices any interruption.
You can also easily take one server out of the load balancer, perform work like upgrades, and then re-enable it again.
Last but not least, when two servers are not enough to handle the load, you can add more, which I think is harder in an active/passive setup.
(I would've just added a comment, since I don't really answer your question, but I lack points and I thought I should give you this tip anyway :)