Novell Access Manager 3 is a comprehensive access control solution that provides seamless, single sign-on across technical and organizational boundaries, based on the Identity Federation standards. This product combines advanced capabilities such as multi-factor authentication, data encryption, clientless single sign-on and SSL VPN for secure access from any location, coupled with simplified deployment and administration.
Novell SSL VPN is designed to provide secure access to non-HTTP based applications inside a corporate network. Novell SSL VPN is combined with the powerful identity services of Novell Access Manager, which provides authentication and secure access to resources.
The Novell Access Manager 3 SSL VPN consists of two components that handle user sessions: the Tomcat servlet and the connection manager. The Tomcat servlet receives the session request from the proxy, validates the required attributes, informs the connection manager about the session, and delivers the SSL VPN client component to the user's machine.
The SSL VPN Tomcat servlets can be configured for load balancing among multiple SSL VPN connection managers, using the Session Persistence feature of Access Gateway. This AppNote describes the load balancing capabilities of the Novell Access Manager 3 SSL VPN.
Access Gateway (Linux or NetWare)
SSL VPN Servlets
SSL VPN Server (includes the connection manager, SOCKS Server, and the Stunnel Server)
The SSL VPN user accesses the SSL VPN service by entering the following URL in the address bar:
This URL is session-persistence-enabled and is accelerated and protected by the Access Gateway. The SSL VPN servlets and the Access Gateway are configured for round robin load balancing.
When the first user sends the connection request, the first SSL VPN servlet selects the first connection manager to serve the request. All the client components are then downloaded to the client machine. Similarly, the second connection request goes to the second servlet and the first connection manager of the second servlet. This ensures that the load is distributed equally among all the SSL VPN servlets and the connection managers.
The following figure depicts multiple SSL VPN servlets and multiple SSL VPN connection managers.
6. Select the Enable Persistent Connections check box.
7. Select Round Robin for the Policy for Multiple Destination IP Addresses option.
8. Click OK and apply changes.
Configuring Individual SSL VPN Servlets
To configure individual SSL VPN servlets:
1. Open config.txt which is located in the following path:
The first line of the file contains the IP address and port number of the default server in the following format:
2. Specify the IP addresses of additional SSL VPN servlets.
Note: Add the IP address and port number of the servers in the same format in the next line. You can add a maximum of four servers to the failover group.
3. To enable load balancing among servers, set RoundRobinCluster=true
4. Save and close the file.
5. Restart the server by entering the following command:
Note: If the specified SSL VPN server is not available, the client is not switched to the next server. An error message is displayed stating that the server is not available, and the client has to try again to reach the next SSL VPN server.
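The following added example (not from the original AppNote and not Novell code) models the round robin distribution described earlier together with the no-failover behavior in the note above. The server names, the two-servlet by two-manager topology, the per-servlet counter, and the assumption that a retry reaches the same servlet are all constructed for illustration.

```python
class Servlet:
    """One SSL VPN servlet and its ordered list of connection managers."""

    def __init__(self, name, managers):
        self.name = name
        self.managers = list(managers)
        self._next = 0  # per-servlet round-robin position (assumed)

    def select(self, down=frozenset()):
        """Return (manager, ok). An unavailable pick is an error, not a failover."""
        cm = self.managers[self._next % len(self.managers)]
        self._next += 1
        return cm, cm not in down


class Gateway:
    """Access Gateway with the Round Robin policy across servlets."""

    def __init__(self, servlets):
        self.servlets = list(servlets)
        self._next = 0

    def route(self, down=frozenset()):
        servlet = self.servlets[self._next % len(self.servlets)]
        self._next += 1
        cm, ok = servlet.select(down)
        return servlet.name, cm, ok


def simulate(n_requests, down=frozenset()):
    """Route n new connection requests through a constructed 2x2 topology."""
    gw = Gateway([Servlet("servlet-1", ["cm-1a", "cm-1b"]),
                  Servlet("servlet-2", ["cm-2a", "cm-2b"])])
    return [gw.route(down) for _ in range(n_requests)]


def attempts_until_connected(servlet, down, max_attempts=10):
    """Count client retries against one servlet until a live manager is picked."""
    for attempt in range(1, max_attempts + 1):
        _, ok = servlet.select(down)
        if ok:
            return attempt
    return None  # every attempt hit an unavailable manager


if __name__ == "__main__":
    for row in simulate(4, down={"cm-1a"}):
        print(row)
```

With one connection manager down, every request that round robin assigns to it surfaces as a user-visible error, so connection manager health needs to be monitored separately from the load balancing itself.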
The SSL VPN Tomcat servlets can be configured for round robin load balancing among multiple SSL VPN connection managers, using the Session Persistence feature of Access Gateway.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.