3.5 Using a Software Load Balancer

Instead of using an L4 switch, you can cluster the Identity Servers and the Access Gateways behind a software load balancer that runs in Layer 7. Each manufacturer uses slightly different terminology, but the basic steps are quite similar. You need to create the following types of objects:

Because the software actually runs in Layer 7, it does not require any special networking setup and it runs on standard server hardware.

As an example, the following instructions explain how to configure the Zeus ZXTM Load Balancer with HTTP and HTTPS for the Identity Server and Access Gateway. For more information about this product, see Zeus Technology.

  1. Create a persistence class for HTTPS.

    HTTPS > SSL Session ID
    
  2. Create four monitors, two for the Identity Servers and two for the Access Gateways.

    1. Specify the following path for HTTP:

      Access Manager Appliance: /nesp/app/heartbeat

    2. Configure the following parameters for the monitors:

      HTTP: timeout=10 seconds, use_ssl=no, host_header: <domain>, body_regex: Success

      Replace <domain> with the DNS name of the Access Manager device.

  3. Create four pools, one for each monitor. Configure each pool with the following parameters:

    Load_balancing: Round Robin
    persistence: <new class created>
    max_reply_time: 10
    

    For an HTTP resource, replace <new class created> with the HTTP class you created.

  4. Create four virtual servers, one for each port. Configure each with the following parameters:

    Protocol: <scheme>
    Port: <port>
    Pool: <pool created>
    

    Replace <scheme> with HTTP or HTTPS.

    Replace <port> with one of the following values: 80, 8080, 443, or 8443.

    Replace <pool created> with one of the pools you created in Step 3.

  5. Create two traffic manager groups, one for the Identity Servers and one for the Access Gateway.

    This is where the virtual IP address is set up.

  6. Start the traffic groups.
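
The monitor check from Step 2 can be reproduced outside the load balancer to confirm that each node answers the heartbeat before it is added to a pool. The following is an added example, not part of the product documentation; the function names and the sample domain are assumptions, and treating any status other than 200 as a failure is a choice made for this example.

```python
import http.client
import re
import sys

HEARTBEAT_PATH = "/nesp/app/heartbeat"  # path from Step 2
BODY_REGEX = re.compile(r"Success")     # body_regex from Step 2
TIMEOUT = 10                            # timeout=10 seconds from Step 2


def probe(node, port, host_header, path=HEARTBEAT_PATH):
    """Return (healthy, detail) for one node, using plain HTTP (use_ssl=no)."""
    conn = http.client.HTTPConnection(node, port, timeout=TIMEOUT)
    try:
        # Connect to the node address but send the published DNS name as
        # the Host header, as the monitor's host_header setting does.
        conn.putrequest("GET", path, skip_host=True)
        conn.putheader("Host", host_header)
        conn.putheader("Connection", "close")
        conn.endheaders()
        resp = conn.getresponse()
        body = resp.read(65536).decode("utf-8", errors="replace")
    except (OSError, http.client.HTTPException) as exc:
        return False, f"connection failed: {exc}"
    finally:
        conn.close()
    if resp.status != 200:  # assumption of this example, not a page setting
        return False, f"HTTP {resp.status}"
    if not BODY_REGEX.search(body):
        return False, "body does not match 'Success'"
    return True, "ok"


def check_pool(nodes, host_header):
    """Probe every (address, port) pair; return {"addr:port": (healthy, detail)}."""
    return {f"{a}:{p}": probe(a, p, host_header) for a, p in nodes}


if __name__ == "__main__":
    # Usage (values are yours): probe.py <domain> <addr:port> [<addr:port> ...]
    if len(sys.argv) < 3:
        print("usage: probe.py <domain> <addr:port> [<addr:port> ...]")
    else:
        pairs = [(a, int(p)) for a, p in (n.rsplit(":", 1) for n in sys.argv[2:])]
        for name, (healthy, detail) in check_pool(pairs, sys.argv[1]).items():
            print(f"{name}\t{'UP' if healthy else 'DOWN'}\t{detail}")
```

A node that reports DOWN here would also be marked as failed by a monitor configured with the Step 2 parameters, so resolve it before starting the traffic groups.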