Load Balancer
This document describes the configuration steps to allow CTE agents communicate with a CipherTrust Manager cluster behind a network load balancer.
Prerequisites
Make sure a passthrough network load balancer is configured with the nodes of the CipherTrust Manager cluster. Refer to Clusters and Nodes for details on creating a CipherTrust Manager cluster.
Note
Only network load balancers with passthrough authentication are supported.
Configure the Load Balancer on CipherTrust Manager
After completing the prerequisites, you can configure the load balancer. Click the desired tab to view the instructions.
On the load balancer, log on to the CipherTrust Manager GUI.
Click Admin Settings > Properties.
Under LOAD BALANCER ADDRESS, in the Value, specify the hostname or IP address of the load balancer.
Go to the Properties section.
Update the name of the load balancer address.
Run the API
patch /v1/configs/properties/{name}
Example
/v1/configs/properties/LOAD_BALANCER_ADDRESS
Sample Output
{ "name": "LOAD_BALANCER_ADDRESS" , "value": "cte-cm-d91617b26a55d596.elb.us-east-1.amazonaws.com", "description": "Add IP/URL/Hostname of load balancer configured with CM. Default value is empty for CM." }
Limitations
If the nodes are configured with the load balancer, the configured Server Settings for the CTE Profiles on the CipherTrust Manager will not be applicable.
Refer to Configuring Server Settings for details.
The Agent Information on the CipherTrust Manager will be unavailable for the CTE clients registered with the load balancer.
If the load balancer configuration is deactivated and the CipherTrust Manager cluster is also removed, the agents registered with the load balancer need to be reregistered with the desired CipherTrust manager.
When the load balancing setup changes to the non-load balancing mode, that is, when the load balancing configuration is removed, any configuration changes take time to reflect on the registered clients. If a client is down/unavailable, the configuration changes would not be updated for that client.
Workaround: To update the client with the configuration changes, reregister the client after it is up and running!