Load Balancing Group
A load balancing group is a group of CipherTrust Manager servers that the client can connect to. The load balancer is a client feature that determines how best to connect to the servers in the load balancing group. When concurrent requests are made, the load balancer determines which server to use; the goal is to distribute connections equally among the servers. You create a load balancing group by listing the IP addresses of multiple CipherTrust Manager servers (separated by colons) in the NAE_IP property. For example:
<NAE_IP Tier="1">192.168.1.10:192.168.1.11:192.168.1.12</NAE_IP>
The client will use the same CADP.NETCore_Properties.xml file for all members of the load balancing group. If the client uses NAE_Port 9000, all CipherTrust Manager devices must use port 9000.
Note
It is recommended that all of the devices in a load balancing group also be members of the same cluster. Clustered servers use the same port and protocol, and have the same keys and users. For more on clustering, refer to "SafeNet KeySecure Appliance User Guide".
Note
All members of a load-balancing group must be either FIPS-compliant or non-FIPS. You cannot mix FIPS-compliant and non-FIPS servers.
How it Works
The following steps describe what happens when the client attempts to connect to the load balancing group for the first time:
1. The client creates an NAE session. This in turn creates a new load balancer, which stores the NAE_IP, NAE_Port, Protocol, Connection_Timeout, and Connection_Retry_Interval properties. The load balancer also creates a new connection pool for each server in the load balancing group.
2. The client requests a connection from the load balancer. Since this is the first connection request, the load balancer chooses one of the CipherTrust Manager servers and creates a connection in a round-robin fashion.
3. The client waits the duration of Connection_Timeout for a server response.
4. Server 1 does not respond within the timeout period. The client ignores Server 1 for the duration of the Connection_Retry_Interval.
5. The client uses the connection to send a cryptographic request to Server 2.
6. Server 2 sends the response.
7. The client receives the response. The load balancer keeps the connection in the connection pool.
8. The client requests another connection. The load balancer uses the round-robin algorithm to determine which CipherTrust Manager server to use. The load balancer searches that CipherTrust Manager server's connection pool for an existing connection.
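The sequence above can be followed in a small simulation. This is an added example, not CADP or Thales code: the class LoadBalancerModel, its request method, the responds callback, the retry interval value of 60, and the choice to discard pooled connections to an unresponsive server are assumptions made for illustration, and only the round-robin case is modelled.

```python
# Added illustration: a simplified model of the behaviour described above.
# Not CADP code; LoadBalancerModel, request() and responds() are hypothetical names.
class LoadBalancerModel:
    def __init__(self, nae_ip, retry_interval, clock):
        self.servers = nae_ip.split(":")            # NAE_IP: colon-separated list
        self.retry_interval = retry_interval        # models Connection_Retry_Interval
        self.clock = clock                          # injected so time can be simulated
        self.pools = {s: [] for s in self.servers}  # one connection pool per server
        self.ignored_until = {}                     # server -> time it is tried again
        self._next = 0                              # round-robin cursor

    def request(self, responds):
        """Serve one request. responds(server) is True when the server answers
        within Connection_Timeout. Returns (server, reused_connection)."""
        n = len(self.servers)
        order = [self.servers[(self._next + i) % n] for i in range(n)]
        for server in order:
            self._next = (self._next + 1) % n
            if self.clock() < self.ignored_until.get(server, 0):
                continue                            # still inside the retry interval
            if not responds(server):
                self.pools[server].clear()          # modelling assumption, see lead-in
                self.ignored_until[server] = self.clock() + self.retry_interval
                continue
            reused = bool(self.pools[server])
            if not reused:
                self.pools[server].append("conn-" + server)  # kept for later requests
            return server, reused
        raise ConnectionError("no server in the load balancing group responded")


def demo():
    """Constructed scenario: Server 1 is down at first, then recovers."""
    now, down = [0], {"192.168.1.10"}
    lb = LoadBalancerModel("192.168.1.10:192.168.1.11:192.168.1.12",
                           retry_interval=60, clock=lambda: now[0])
    alive = lambda s: s not in down
    results = [lb.request(alive) for _ in range(3)]  # .10 times out, then is skipped
    now[0] = 60                                      # retry interval has elapsed
    down.clear()                                     # Server 1 is reachable again
    results += [lb.request(alive) for _ in range(2)]
    return results


if __name__ == "__main__":
    for server, reused in demo():
        print(server, "pooled connection" if reused else "new connection")
```

While Server 1 is being ignored, the remaining servers absorb its share of requests, so their capacity should be sized for the group running one member short.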
Related Properties
To connect to a load balancing group, you will have to set the following parameters in the properties file:
NAE_IP
NAE_Port
Protocol
Connection_Timeout
Connection_Retry_Interval
Load_Balancing_Algorithm
For more information about these properties, refer to Network Configuration Parameters and Connection Configuration Parameters.