[Pki-users] load balancers
Satish Chetty
satish at suburbia.org.au
Mon Sep 15 12:25:01 UTC 2008
Bob Lord wrote:
> On Fri, Sep 12, 2008 at 10:47 AM, Christina Fu <cfu at redhat.com
> <mailto:cfu at redhat.com>> wrote:
>
> bob.lord at gmail.com <mailto:bob.lord at gmail.com> wrote:
>
> I'd like to put some load balancers in front of a set of TPS
> instances (acting as a single virtual TPS) and in front of the
> CAs that would issue the actual certs. The balancers would be
> more for reliability and uptime than performance.
> Are there any limitations I need to know about? Is it possible
> to have multiple TPS instances talk to a single TKS instance? /B
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com <mailto:Pki-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/pki-users
>
>
> You can have load balancers in front of TPS instances. Two things
> I'd like to call to your attention:
>
> 1. Between ESC and TPS, HTTP chunked encoding is used, so your load
> balancer needs to support that.
> 2. The phone home url on the ESC needs to point to the load balancer.
>
>
> The load balancers are (usually) transparent, so I'd still point them to
> tps.corp.example.com <http://tps.corp.example.com>, and the load
> balancer would deal with the connection consistency, right? Let me know
> if I'm not thinking about this right.
Not sure if my scanrio is the same, but sometime ago, I tried to
configure a load balancer between two CA instances. Ex the load balancer
was trying to send traffic to ca1.example.com and ca2.example.com. The
client saw it as a man in the middle attack (as the client was going to
ca.example.com). Tried different things to make it work but without
success.
-Satish.
>
> -Bob
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list