3.6 Using a Software Load Balancer

Instead of using an L4 switch, you can cluster the Identity Servers and the Access Gateways behind a software load balancer that runs in Layer 7. Each manufacturer uses slightly different terminology, but the basic steps are quite similar. You need to create the following types of objects:

Because the software actually runs in Layer 7, it doesn't require any special networking setup and it runs on standard server hardware.

As an example, the following instructions explain how to configure the Zeus ZXTM Load Balancer with HTTP and HTTPS for the Identity Server and Access Gateway. For more information about this product, see Zeus Technology.

  1. Create two persistence classes, one for HTTPS and one for HTTP.

    HTTP > J2EE Session Persistence
    HTTPS > SSL Session ID
  2. Create four monitors, two for the Identity Servers and two for the Access Gateways.

    1. Use the following paths to specify a path for HTTP and a path for HTTPS:

      Identity Server: /nidp/app/heartbeat

      Access Gateway: /nesp/app/heartbeat

    2. Configure the following parameters for the monitors:

      HTTP: timeout=10 seconds, use_ssl=no, host_header: <domain>, body_regex: Success

      HTTPS: timeout=10 seconds, use_ssl=yes, host_header: <domain>, body_regex: Success

      Replace <domain> with the DNS name of the Access Manager device

  3. Create four pools, one for each monitor. Configure each pool with the following parameters:

    Load _balancing: Round Robin
    persistence: <new class created>
    max_reply_time: 10

    For an HTTP resource, replace <new class created> with the HTTP class you created. For an HTTPS resource replace <new class created> with the HTTPS class you created.

  4. Create four virtual servers, one for each port. Configure each with the following parameters:

    Protocol: <scheme>
    Port: <port>
    Pool: <pool created>

    Replace <scheme> with HTTP or HTTPS.

    Replace <port> with one of the following values: 80,8080,443, or 8443.

    Replace <pool created> with one of the pools you created in Step 3.

  5. Create two traffic manager groups, one for the Identity Servers and one for the Access Gateway.

    This is where the virtual IP address is set up.

  6. Start the traffic groups.