Sun Java System Identity Server 2004Q2 Deployment Planning Guide 

Appendix E  
Load Balancer Configuration

Sun Java™ System Identity Server can be configured to work with a load balancer. This chapter details the features of load balancing and how it can be accomplished. The chapter contains the following sections:

  * Load Balancer Overview
  * Configuring The Load Balancer
  * Confirming The Configuration


Load Balancer Overview

Load balancing divides the work usually done by one server between two or more servers, so that more work gets done in the same amount of time. In general, this means that all users are served faster. Load balancing can be implemented with hardware, software, or a combination of both. Figure E-1 illustrates how an Identity Server deployment can be configured with a load balancer. It is important in this configuration that all instances of Identity Server share the same Directory Server. Once configured, the load balancer (and thus, all Identity Server services) is accessed via the URL http://loadbalancer_host.domain:port/amconsole.

Figure E-1  Identity Server Configuration With Load Balancer


Sticky Sessions

A load balancer deployed with Identity Server must support sticky sessions. A sticky session specifies that once a session is created by a given server, subsequent requests from the user will continue to be routed to that same server in order to preserve session information. Since Identity Server uses cookies to relay session information, the load balancer needs to redirect to the server that created the session. Without sticky sessions, all servers would have to be trusted and performance might be impaired.

Resonate Central Dispatch Installation

Resonate Central Dispatch is a software-based load balancer. The first step in configuring Identity Server to work with a load balancer is installation. Assuming two physical servers, ensure that the machines are in the same subnet. On machine1, install Sun Java System Web Server, Sun Java System Directory Server, and Identity Server (in that order), pointing the instance of Identity Server to the installed instance of Directory Server. On machine2, install Sun Java System Web Server and Identity Server, pointing the instance of Identity Server to the instance of Directory Server installed on server1. The Central Dispatch software should be installed as follows:

A Reporter Agent will be automatically installed on both machines during the installation process itself. The terms defined in Table E-1 are specific to Central Dispatch and might be used in the configuration procedures.

Table E-1  Resonate Central Dispatch Terms Defined

| Central Dispatch Term | Definition |
|---|---|
| CDMaster | The Central Dispatch Master is the graphical user interface used to manage and monitor a single (or multiple) Central Dispatch site(s). All Central Dispatch configurations will be applied using this console. |
| Node | A Node is an instance of Identity Server configured as such via the CDMaster console. A Node can be configured as either a scheduler or server. |
| CDAdapter | The Central Dispatch Adapter is a proxy that provides a link between a single Central Dispatch site and the CDMaster. |
| CDAction | CDAction is a command line utility used to configure, monitor, and administer a Central Dispatch site. |

For more information on installing Central Dispatch and the product in general, see the documentation set that is provided with the software.


Configuring The Load Balancer

Sticky Sessions can be implemented using either the setcookie function or load balancer cookies. The procedures detailed in the next sections illustrate how to configure the load balancer for both of these options. The steps involved relate to the Resonate Central Dispatch load balancer although they can be modified to work with any load balancer software.

To Configure Central Dispatch for setcookie

  1. Create two Solaris users (cdadmin and cdmon) using admintool.
  2. Launch the CDMaster console on server1.

    Change to the default directory (/usr/local/resonate/cd/cdmaster/bin) and run ./cdmaster. When instructed, connect to the CDAdapter installed on machine2.

  3. Click on Nodes in the left frame of CDMaster and create one node for each of the two installed instances of Identity Server.

    Figure E-2 is a screenshot of the CDMaster console illustrating this step.

    Figure E-2  Creating Nodes With Resonate

  4. Click on VIPs in the left frame of CDMaster and create a new virtual IP address for the host on which the load balancer is installed.

    Figure E-3 is a screenshot of the CDMaster console illustrating this and the following steps. Ensure that the Primary Scheduler and Backup Scheduler are correctly configured.

    Figure E-3  Creating a new Virtual IP Address

  5. Click on the Scheduling Rules tab in the right frame of VIPs and select HTTP to configure an HTTP scheduling rule as follows:
    1. Under the Properties tab, ensure that the host on which the load balancer is installed is listed as a virtual IP.
    2. Check that the VIP port is the same one defined for the virtual IP.
    3. Select URL for Resource.
  6. Click on HTTP under Scheduling Rules in the left frame of CDMaster.

    Figure E-4 is a screenshot of the CDMaster console illustrating this and the following steps.

  7. Select the Server tab at the bottom of the right frame.

    Ensure that the servers are selected.

  8. Click on the Load Balancing tab at the bottom of the right frame and select Round Robin (Basic).

    Figure E-4  Configuring HTTP Scheduling Rules

  9. Click on Nodes in the left frame of CDMaster and select the configured node for the second instance of Identity Server, server2.

    Figure E-5 is a screenshot of the CDMaster console illustrating this and the following steps.

    Figure E-5  Configuring Nodes With CDMaster

  10. Click on Properties at the top of the right frame and make sure that the Alias is server2.example.com and that Server Enabled and Server auto enabled are selected.
  11. Click the VIP Scheduling tab at the bottom of the right frame and check that the Primary virtual IP is configured for the host on which the load balancer is installed.
  12. Select the Scheduling Rules tab at the bottom of the right frame and make sure that all the servers and ports are listed under Component.
  13. Repeat Step 9 through Step 12 above for server1.

    Configure the first instance of Identity Server (server1) as detailed, deleting Step 11 which configures server2 as the Primary under the Scheduling Rules tab.

  14. Click on Scheduling Rules in the left frame of CDMaster.

    Figure E-6 is a screenshot of the CDMaster console illustrating this and the following steps.

    Figure E-6  Configuring a Cookie Persistence Scheduling Rule

  15. Select Cookie/CGI Persistence and create a Cookie Persistence Scheduling Rule.

    The Attribute-value pair is defined as iPlanetDirectoryPro=*.

  16. Label the rule and make sure that the correct port for the virtual IP is defined.

    The VIP list should contain the configured host on which the load balancer is installed.

  17. Select the Server tab at the bottom of the right frame and make sure that both servers are checked.
  18. Select the Load Balancing tab at the bottom of the right frame and select Round Robin (Basic).

This completes the configuration of Central Dispatch for setcookie. Continue to the next section, To Configure Identity Server for setcookie, to complete the deployment.

To Configure Identity Server for setcookie

The Identity Server configuration for both server1 and server2 needs to be updated to recognize the load balancer when using setcookie.

  1. Login as amadmin to the Identity Server instance installed on server1.
  2. Add the value of the host machine on which the load balancer is installed to the Organization Aliases attribute.

    View the top-level organization under the Identity Management tab to find the Organization Aliases attribute.

  3. Add server2 to the Platform List attribute in the Platform Service under the Service Management tab.
  4. Set the fqdnMap property in AMConfig.properties.

    Caution: This step cannot be done using the Identity Server console.

    By default, the fqdnMap property is commented out. Remove the # and configure the property as: com.sun.identity.server.fqdnMap[loadbalancer_host.domain]=loadbalancer_host.domain

  5. Restart server1 and server2.

See Confirming The Configuration for instructions on how to verify the configuration procedure.

To Configure Central Dispatch with Load Balancer Cookies

  1. Create two Solaris users (cdadmin and cdmon) using admintool.
  2. Launch the CDMaster console on server1.

    Change to the default directory (/usr/local/resonate/cd/cdmaster/bin) and run ./cdmaster. When instructed, connect to the CDAdapter installed on server2.

  3. Click on Nodes in the left frame of CDMaster and create one node for each of the two installed instances of Identity Server.
  4. Click on VIPs in the left frame of CDMaster and create a new virtual IP address for the host on which the load balancer is installed.

    Ensure that the Primary Scheduler and Backup Scheduler are configured.

  5. Click on the Scheduling Rules tab in the right frame of VIPs and select HTTP to configure an HTTP scheduling rule as follows:
    1. Under the Properties tab, ensure that the host on which the load balancer is installed is listed as a virtual IP.
    2. Check that the VIP port is the same one as defined for virtual IP.
    3. Select URL for Resource.
  6. Click on HTTP under Scheduling Rules in the left frame of CDMaster.
  7. Select the Server tab at the bottom of the right frame.

    Ensure that the servers are selected.

  8. Click on the Load Balancing tab at the bottom of the right frame and select Round Robin (Basic).
  9. Click on Nodes in the left frame of CDMaster and select the configured node for the second instance of Identity Server, server2.
  10. Click on Properties at the top of the right frame and make sure that the Alias is server2.example.com and that Server Enabled and Server auto enabled are selected.
  11. Click the VIP Scheduling tab at the bottom of the right frame and check that the Primary virtual IP is configured for the host on which the load balancer is installed.
  12. Select the Scheduling Rules tab at the bottom of the right frame and make sure that all the servers and ports are listed under Component.
  13. Repeat Step 9 through Step 12 above for server1.

    Configure the first instance of Identity Server (server1) as detailed, deleting Step 11 which configures server2 as the Primary under the Scheduling Rules tab.

  14. Click on Scheduling Rules in the left frame of CDMaster.
  15. Select Cookie/CGI Persistence and create two Cookie Persistence Scheduling Rules: one for server1 and one for server2.
  16. Label server1 and make sure that the correct port for the virtual IP is defined.

    The VIP list must also contain the configured host on which the load balancer is installed.

  17. Choose cookie as the Resource and define the Attribute-value pair as server1=server1.
  18. Select the Server tab at the bottom of the right frame and make sure that both servers are selected.
  19. Select the Load Balancing tab at the bottom of the right frame and select Round Robin (Basic).
  20. Repeat Step 14 through Step 19 for server2.

This completes the configuration of Central Dispatch for load balancer cookies. Continue to the next section, To Configure Identity Server with Load Balancer Cookies, to complete the deployment.

To Configure Identity Server with Load Balancer Cookies

The Identity Server configuration for both server1 and server2 needs to be updated to recognize the load balancer.

  1. Login as amadmin to the Identity Server instance installed on server1.
  2. Add the value of the host machine on which the load balancer is installed to the Organization Aliases attribute.

    View the top-level organization under the Identity Management tab to find the Organization Aliases attribute.

  3. Add server2 to the Platform List attribute in the Platform Service under the Service Management tab.
  4. Set the fqdnMap property in AMConfig.properties.

    Caution: This step cannot be done using the Identity Server console.

    By default, the fqdnMap property is commented out. Remove the # and configure the property as: com.sun.identity.server.fqdnMap[loadbalancer_host.domain]=loadbalancer_host.domain

  5. Add the following properties to the AMConfig.properties files on server1 and server2, respectively.
    1. Set the cookie name and value on server1 as:

      com.iplanet.am.lbcookie.name=server1
      com.iplanet.am.lbcookie.value=server1

    2. Set the cookie name and value on server2 as:

      com.iplanet.am.lbcookie.name=server2
      com.iplanet.am.lbcookie.value=server2

  6. Restart server1 and server2.
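The AMConfig.properties settings from both Identity Server procedures above (fqdnMap for setcookie and load balancer cookies, plus the lbcookie pair for load balancer cookies) can be checked before the restart. The Python below is an added example, not part of this guide or of Identity Server. Its function names and sample file contents are constructed, and the duplicate-cookie check is an inference from the one-rule-per-server Cookie Persistence setup described above.

```python
# Added example; function names and sample file contents are constructed.
FQDN_KEY = "com.sun.identity.server.fqdnMap[{host}]"
LB_NAME = "com.iplanet.am.lbcookie.name"
LB_VALUE = "com.iplanet.am.lbcookie.value"

def parse_properties(text):
    """Return active key/value pairs; lines starting with # or ! are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_config(configs, lb_host, lb_cookies=True):
    """configs maps server name -> AMConfig.properties text; returns findings."""
    findings, seen = [], {}
    fqdn_key = FQDN_KEY.format(host=lb_host)
    for server in sorted(configs):
        props = parse_properties(configs[server])
        # fqdnMap ships commented out; it must be active and map the LB host to itself.
        if props.get(fqdn_key) != lb_host:
            findings.append(f"{server}: {fqdn_key} is not set to {lb_host}")
        if not lb_cookies:  # setcookie mode needs no lbcookie properties
            continue
        name, value = props.get(LB_NAME), props.get(LB_VALUE)
        if not name or not value:
            findings.append(f"{server}: lbcookie name or value is missing")
        elif (name, value) in seen:
            # Each persistence rule (server1=server1, ...) should match one server only.
            findings.append(f"{server}: lbcookie {name}={value} duplicates {seen[(name, value)]}")
        else:
            seen[(name, value)] = server
    return findings

# Constructed samples: SERVER2_BAD keeps fqdnMap commented out and reuses server1's cookie.
SERVER1 = """com.sun.identity.server.fqdnMap[loadbalancer_host.domain]=loadbalancer_host.domain
com.iplanet.am.lbcookie.name=server1
com.iplanet.am.lbcookie.value=server1
"""
SERVER2_BAD = SERVER1.replace("com.sun", "#com.sun", 1)
SERVER2_OK = SERVER1.replace("=server1", "=server2")

if __name__ == "__main__":
    for finding in check_config({"server1": SERVER1, "server2": SERVER2_BAD}, "loadbalancer_host.domain"):
        print(finding)
```

Pass lb_cookies=False when the deployment uses the setcookie option, which needs only the fqdnMap property.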


Confirming The Configuration

The following steps will confirm that the configuration is correct.


Caution

Before starting these procedures, disable the keepAliveTimeout option in the Sun Java System Web Server web container.


  1. Start the CDMaster by selecting Start under the Manage tab of the console.
  2. Create several new users and login as those users.
  3. Type http://loadbalancer_host.domain:port/amconsole into the Location bar of a web browser.
  4. Login to Identity Server as amadmin and select the Current Sessions tab.
  5. As amadmin, the created users and their corresponding servers will be visible. The users should all redirect back to the server on which their sessions were initiated. The web server access logs can also confirm this.





Copyright 2004 Sun Microsystems, Inc. All rights reserved.