Please Note:

Administration
Overview
Quick Start
Upgrade from PA/CAP for .NET Core to CADP for .NET Core
Tasks
- Create an NAE Session
- Setting up SSL with CipherTrust Manager
- Add Multiple CipherTrust Manager Servers
- Key Operations
  - Creating a Key
  - Creating a New Version of the Versioned Key
  - Using a Versioned Key to Decrypt, SignV, and MACV
  - Getting an Instance of a Key Object
  - Alternative Method to Get an Instance of a Key Object
  - Deleting a Key using the Key Name
  - Exporting a Key
  - Exporting a Warapped Key
  - Setting a Key Mode and Padding
  - Getting Attributes of a Key
  - Exporting all Versions of a Versioned Key
- Generate and Verify MAC
- Encrypt a String Using an AES Key
- Decrypt a String Using an AES Key
- Encrypt a String Using an RSA Key
- Decrypt a String Using an RSA Key
- Sign and SignVerify Data using an RSA Key
- Enable Connection Pooling
- Enable Symmetric Key Caching
- Enable Asymmetric Key Caching
- Set Logging Parameters
- Change the Default Value of Connection Timeout
Advanced Topics
- Configuration
  - Network Configuration Parameters
  - Connection Configuration Parameters
  - Caching Parameters
  - Logging Parameters
  - SSL Configuration Parameters
  - Miscellaneous Configuration Parameters
- Concepts
  - Connection Pooling
  - Load Balancing Group
  - Multi-tier Load Balancing Group
  - Symmetric/Asymmetric Key Caching
- Connection Pooling
- Supported Services & Operations
  - Supported Cryptographic Operations
- NAE Supported Functions
  - Supporting Calls
  - Connection Calls
  - Key-related Calls
  - MAC/Hash-related Calls
  - Security Considerations
- Format Preserving Encryption
- API Definitions
- Alternate Method to Add Nuget Package
- Troubleshooting

CADP for .NET Core
Administration
Advanced Topics
Concepts
Load Balancing Group

Load Balancing Group

A load balancing group is a group of CipherTrust Manager servers that the client can connect to. The load balancer is a client feature that determines how best to connect to the servers in the load balancing group. When concurrent requests are made, the load balancer determines which server to use - the goal is to distribute connections equally among the servers. You create a load balancing group by listing multiple CipherTrust Manager servers IP addresses (separated by colons) in the NAE_IP property. For example:

<NAE_IP Tier="1">192.168.1.10:192.168.1.11:192.168.1.12</NAE_IP>

The client will use the same CADP.NETCore_Properties.xml file for all members of the load balancing group. If the client uses NAE_Port 9000, all CipherTrust Manager devices must use port 9000.

Note

It is recommended that all of the devices in a load balancing group also be the members of the same cluster. Clustered servers use the same port and protocol, as well as have the same keys and users. For more on clustering, refer to "SafeNet KeySecure Appliance User Guide".

Note

All members of a load-balancing group must be either FIPS-compliant or non-FIPS. You cannot mix FIPS-compliant and non-FIPS servers.

How it Works

The following steps describe what happens when the client attempts to connect to the load balancing group for the first time:

The client creates an NAE session. This in turn creates a new load balancer, which stores the NAE_IP, NAE_Port, Protocol, Connection_Timeout, and Connection_Retry_Interval properties. The load balancer also creates a new connection pool for each server in the load balancing group.
The client requests a connection from the load balancer. Since this is the first connection request, the load balancer chooses one of the CipherTrust Manager servers and creates a connection in a round-robin fashion.
The client waits the duration of Connection_Timeout for a server response.
Server 1 does not respond within the timeout period. The client ignores Server 1 for the duration of the Connection_Retry_Interval.
The client uses the connection to send a cryptographic request to Server 2.
Server 2 sends the response.
The client receives the response. The load balancer keeps the connection in the connection pool.

The client requests another connection. The load balancer uses the round-robin algorithm to determine which CipherTrust Manager server to use. The load balancer searches that CipherTrust Manager server's connection pool for an existing connection.

Related Properties

To connect to a load balancing group, you will have to set the following parameters in the properties file:

NAE_IP
NAE_Port
Protocol
Connection_Timeout
Connection_Retry_Interval
Load_Balancing_Algorithm

To know more about these properties, refer to Network Configuration Parameters and Connection Configuration Parameters.

Suggest A Change

Load Balancing Group

How it Works

On this page