3.6 Using a Software Load Balancer

Instead of using an L4 switch, you can cluster the Identity Servers and the Access Gateways behind a software load balancer that runs in Layer 7. Each manufacturer uses slightly different terminology, but the basic steps are quite similar. You need to create the following types of objects:

Because the software actually runs in Layer 7, it does not require any special networking setup and it runs on standard server hardware.

As an example, the following instructions explain how to configure the Zeus ZXTM Load Balancer with HTTP and HTTPS for the Identity Server and Access Gateway. For more information about this product, see Zeus Technology.

  1. Create two persistence classes, one for HTTPS and one for HTTP.

    HTTP > J2EE Session Persistence
    HTTPS > SSL Session ID
    
  2. Create four monitors, two for the Identity Servers and two for the Access Gateways.

    1. Use the following paths to specify a path for HTTP and a path for HTTPS:

      Identity Server: /nidp/app/heartbeat

      Access Gateway: /nesp/app/heartbeat

    2. Configure the following parameters for the monitors:

      HTTP: timeout=10 seconds, use_ssl=no, host_header: <domain>, body_regex: Success

      HTTPS: timeout=10 seconds, use_ssl=yes, host_header: <domain>, body_regex: Success

      Replace <domain> with the DNS name of the Access Manager device.

  3. Create four pools, one for each monitor. Configure each pool with the following parameters:

    load_balancing: Round Robin
    persistence: <new class created>
    max_reply_time: 10
    

    For an HTTP resource, replace <new class created> with the HTTP class you created. For an HTTPS resource replace <new class created> with the HTTPS class you created.

  4. Create four virtual servers, one for each port. Configure each with the following parameters:

    Protocol: <scheme>
    Port: <port>
    Pool: <pool created>
    

    Replace <scheme> with HTTP or HTTPS.

    Replace <port> with one of the following values: 80, 8080, 443, or 8443.

    Replace <pool created> with one of the pools you created in Step 3.

  5. Create two traffic manager groups, one for the Identity Servers and one for the Access Gateway.

    This is where the virtual IP address is set up.

  6. Start the traffic groups.
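
Before starting the traffic groups, it helps to confirm that each node answers its heartbeat URL the way the monitors in Step 2 expect. The following is an added example, not part of the original documentation or of the Zeus product: it sends the same request a monitor would send (configured Host header, 10-second timeout, body matched against `Success`) and runs it against a constructed local stub. The host name `am.example.test`, the stub, and the function names are assumptions made for the demonstration.

```python
import http.client
import re
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Heartbeat paths from Step 2 of the procedure.
PATHS = {"identity_server": "/nidp/app/heartbeat",
         "access_gateway": "/nesp/app/heartbeat"}

def probe(node, port, path, host_header, use_ssl=False, timeout=10, regex="Success"):
    """Send one monitor-style request to a node; return (healthy, detail)."""
    cls = http.client.HTTPSConnection if use_ssl else http.client.HTTPConnection
    kw = {"context": ssl.create_default_context()} if use_ssl else {}  # verifies cert for `node`
    try:
        conn = cls(node, port, timeout=timeout, **kw)
        conn.putrequest("GET", path, skip_host=True)  # send only the configured Host
        conn.putheader("Host", host_header)
        conn.endheaders()
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace")
        conn.close()
    except (OSError, http.client.HTTPException) as exc:
        return False, f"no response: {exc}"
    return bool(re.search(regex, body)), f"HTTP {resp.status}"

class StubNode(BaseHTTPRequestHandler):
    """Constructed stand-in for a cluster member that answers only as am.example.test."""
    def do_GET(self):
        ok = self.path in PATHS.values() and self.headers.get("Host") == "am.example.test"
        body = b"Success" if ok else b"Not Found"
        self.send_response(200 if ok else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    srv = HTTPServer(("127.0.0.1", 0), StubNode)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    node = ("127.0.0.1", srv.server_address[1])
    try:
        return {"identity_server": probe(*node, PATHS["identity_server"], "am.example.test"),
                "wrong_host": probe(*node, PATHS["access_gateway"], "other.example.test"),
                "wrong_path": probe(*node, "/not-heartbeat", "am.example.test")}
    finally:
        srv.shutdown()
        srv.server_close()
```

A node that fails here with the correct path but the wrong `host_header` points to a monitor misconfiguration rather than a failed server.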