Load Balancing Workspace ONE Connectors

January 5, 2017

When we plan to implement an enterprise solution, two things are points of concern:

1) Highly available systems (remove single points of failure / provide redundancy)

2) Distributing load across more than one system

 


As we know, Workspace ONE Connectors are responsible for syncing users and groups from Active Directory and for providing authentication services so that users can launch SAML-integrated applications.

 

Considerations: We have 4 connector servers that we will use to remove the single point of failure and provide redundancy, along with load balancing.

Two connector servers will serve Internet traffic and the other two will take care of intranet (internal) traffic.

For security reasons, the internal connectors will be used for AD sync; they will be domain joined.

For external traffic, the other two connectors will talk to the RSA servers. They will not talk to any internal services.

 

 


To make sure our connectors are highly available and there is no single point of failure, we can put their services behind a network load balancer and pass user traffic to a virtual IP rather than directly to one of the connectors.

 

1) Configuration at the load balancer end

a) VIP (virtual IP) and the related DNS entry, to make sure that traffic is sent to the VIP

   We need to configure two VIPs, one on the DMZ load balancer and one on the internal load balancer, and the respective DNS entries should be created in the Internet DNS and the intranet DNS.

b) Server pool (where you add your connectors, more than one)

   We need to configure two server pools, one for internal traffic and one for external traffic.

   We will add the external connectors to the external pool and the internal connectors to the internal pool.

c) Server monitor (used to monitor the services running on the connectors)

   Server monitors are applied to server pools and tell the load balancer how to check the services running on the connector servers.

   Server monitors are needed to make sure a faulty connector is taken out of service the moment its services stop working properly.

 

A simple configuration and architecture, as shown below, helps to illustrate this.

As explained in the diagram, the UI server makes its decision based on the network the user is coming from.

 

 

Workspace ONE End Configuration:

We define this under Identity Providers in Workspace ONE.

Identity providers are internal policies that define whether user connections go to the internal or the external VIP, in addition to the authentication mechanism, such as RSA, Kerberos, NTLM, etc.

The example below illustrates this.

The example above shows an identity provider setup. Traffic flows to the IdP host name, which is our internal VIP, and the connector behind it is connector 1. It applies only to internal traffic, and the users are directory users.

 

This is how we control workflow and traffic using a network load balancer, separating internal and external traffic and removing single points of failure for the Workspace ONE deployment.
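The design above can be checked mechanically. The following is an added example, not part of the original post or of any VMware tooling: it validates a connector inventory against the redundancy and segregation rules described here and models the pool choice by source network. The connector names, the `10.0.0.0/8` intranet range and the `healthy` flag (standing in for the load balancer's server monitor result) are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Connector:
    name: str
    pool: str             # "internal" or "external"
    domain_joined: bool
    ad_sync: bool
    healthy: bool = True  # assumed stand-in for the server monitor result

# Constructed inventory matching the four-connector design (names are hypothetical).
CONNECTORS = [
    Connector("conn-int-1", "internal", True, True),
    Connector("conn-int-2", "internal", True, True),
    Connector("conn-ext-1", "external", False, False),
    Connector("conn-ext-2", "external", False, False),
]
# Assumed intranet range; everything else is treated as Internet traffic.
INTERNAL_RANGES = [ipaddress.ip_network("10.0.0.0/8")]

def design_violations(connectors):
    """Return departures from the redundancy and segregation rules."""
    issues = []
    for pool in ("internal", "external"):
        if sum(c.pool == pool for c in connectors) < 2:
            issues.append(f"{pool} pool has a single point of failure")
    for c in connectors:
        if c.pool == "external" and (c.ad_sync or c.domain_joined):
            issues.append(f"{c.name}: external connector touches internal services")
        if c.pool == "internal" and not c.domain_joined:
            issues.append(f"{c.name}: internal connector is not domain joined")
    return issues

def pool_for(source_ip):
    """Pick the pool (VIP) by the network the user is coming from."""
    ip = ipaddress.ip_address(source_ip)
    return "internal" if any(ip in net for net in INTERNAL_RANGES) else "external"

def eligible_members(connectors, source_ip):
    """Members the VIP may use for this user: right pool, monitor passing."""
    pool = pool_for(source_ip)
    return [c.name for c in connectors if c.pool == pool and c.healthy]

if __name__ == "__main__":
    print(design_violations(CONNECTORS))
    print(eligible_members(CONNECTORS, "10.1.2.3"))
    print(eligible_members(CONNECTORS, "203.0.113.7"))
```

Running the same check against an export of the real pool membership catches drift, such as an external connector that was later domain joined.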

 

 

 

 

 


© 2017-18 Xtra-V!rtual