[Pki-users] load balancers

Satish Chetty satish at suburbia.org.au
Mon Sep 15 12:25:01 UTC 2008 

Bob Lord wrote:
> On Fri, Sep 12, 2008 at 10:47 AM, Christina Fu <cfu at redhat.com 
> <mailto:cfu at redhat.com>> wrote:
> 
>     bob.lord at gmail.com <mailto:bob.lord at gmail.com> wrote:
> 
>         I'd like to put some load balancers in front of a set of TPS
>         instances (acting as a single virtual TPS) and in front of the
>         CAs that would issue the actual certs.  The balancers would be
>         more for reliability and uptime than performance.
>         Are there any limitations I need to know about?  Is it possible
>         to have multiple TPS instances talk to a single TKS instance? /B
> 
> 
> 
>         ------------------------------------------------------------------------
> 
>         _______________________________________________
>         Pki-users mailing list
>         Pki-users at redhat.com <mailto:Pki-users at redhat.com>
>         https://www.redhat.com/mailman/listinfo/pki-users
>          
> 
>     You can have load balancers in front of TPS instances.  Two things
>     I'd like to call to your attention:
> 
>     1. Between ESC and TPS, HTTP chunked encoding is used, so your load
>     balancer needs to support that.
>     2. The phone home url on the ESC needs to point to the load balancer.
> 
> 
> The load balancers are (usually) transparent, so I'd still point them to 
> tps.corp.example.com <http://tps.corp.example.com>, and the load 
> balancer would deal with the connection consistency, right?  Let me know 
> if I'm not thinking about this right.

	Not sure if my scanrio is the same, but sometime ago, I tried to 
configure a load balancer between two CA instances. Ex the load balancer 
was trying to send traffic to ca1.example.com and ca2.example.com. The 
client saw it as a man in the middle attack (as the client was going to 
ca.example.com). Tried different things to make it work but without 
success.

-Satish.
> 
> -Bob
>  
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list