Renan wrote:

> Hi people,
>
> I would like to know if it is possible to put a layer 7 switch to balance connections and to reduce the overhead of SSL (ttassl) for the Secure Global Desktop (SGD) of Sun?

We have customers that use 3rd party load balancers to distribute the initial web connection to SGD, but the configuration can be tricky, and there is a software solution available that might just do what you require.

Some background information - there are 2 types of traffic with SGD: http (ports: unencrypted 80, encrypted is tunneled over 443) and AIP (ports: unencrypted 3144, encrypted 5307, tunneled is 443). More information on SGD ports here: http://docs.sun.com/source/819-6255/ports_used.html

*Traditionally a client device makes an initial http connection to get their UI inside a browser. From that point on it's wise to ensure subsequent http connections from a client keep going to the same http server.

The second type of connection is the AIP connection. Without firewall forwarding enabled this will be on either 3144 (unencrypted) or 5307 (encrypted). The SGD array (collection of 1 or more SGD servers) will direct client AIP connections to a specific SGD server. You must not attempt to load balance this connection. Doing so will break things, as the client is trying to request services and your device could be stopping them getting to the server they need to get to.

(* It's possible to run older native clients and the new ttatcc component that don't use a browser for a UI, but they used to make an initial http connection to pull down some client configuration. I'm not sure if the latest ttatcc still does that.)

As I'm sure you know, when you enable firewall forwarding, all traffic is tunneled over 443. In this configuration, ttassl sits on 443 on the SGD server and grabs all traffic, parses it, hands off http to the webserver (the 127.0.0.1:80 change you would've made to httpd.conf to enable fw forwarding) and directs the remaining AIP traffic to the right protocol engine.

> ps. I tried with ultramonkey-l7 but SGD has a different behavior when the connection is http or https (ugly). For example, when I use https, all data between client and server passes through port 443, but when the connection is normal http, the client connects to port 3144 or 5307 of SGD... :-|

There is a small software component included since SGD 4.3 that is designed to assist with load balancing connections and managing these correctly. Assuming you have a recent release, you might want to take a look at this. It contains information on how to configure it, and you can find it here:

/opt/tarantella/webserver/tomcat/5.0.28_axis1.2/webapps/sgd/admin/loaddist/swcd.jsp

Hope this helps!

Curtis.

--
Desktop Technical Specialist
Sun Microsystems
accessline: (310) 464-6289
internal: 41621
