Clustering and load balancing are key components of a high-availability deployment of Sectona Web Access. The solution includes a built-in software-based load balancer and also supports an external load balancer.

For added clarity, a load balancer distributes incoming user requests across a cluster to minimize response time and avoid overloading any single node. The load balancer also returns the response from the selected server to the user. The load balancer serves three essential functions:

  • Distributes traffic efficiently across multiple nodes

  • Ensures high availability by sending traffic only to nodes that are online (requires health check monitoring)

  • Allows nodes to be added and removed

This guide helps you configure and implement clustering and load balancing, either together or independently. The system supports both hardware-based and software-based load balancers. Software load balancers should run on dedicated machines. For both software and hardware solutions, the load balancer should be connected to the application cluster over a high-speed LAN connection to ensure high bandwidth and low latency.

This section covers

Before You Begin

  • Make sure that the same version of the Sectona PAM application is installed on both the primary node and the failover node.

  • The interfaces associated with the IP addresses used for High Availability configuration in Sectona PAM should have a static IP address configuration, not a DHCP or PPPoE configuration.

Supported failover techniques for Web Access

This section describes various application failover techniques recommended for enabling failover of Web Access and services of the application.

Windows clustering-based high availability

Sectona uses an Internet Information Services (IIS) server to host the Web Access components. Sectona supports 1+n node in a Windows cluster for failover. Follow the procedure below to achieve high availability using Windows Clustering:

  • Create a Windows Cluster as per recommended Microsoft sizing and build guidelines mentioned here.

  • Make sure the IIS service (World Wide Web Publishing Service) parameter - Start Type is set to 'Manual' on both Primary and Failover nodes.

  • Install the Web Access package as per the Install Web Access procedures on the primary node, on the cluster drive (a common drive between the Primary and Failover nodes).

  • Now manually move the cluster to the failover node and repeat the installation of the Web Access package on the failover node. Ensure the installation path is set to the Web Access folder on the same cluster drive, which is now assigned to the failover node. Once the installation procedure has completed successfully, you will have a common Web Access folder for both the Primary and Failover nodes.

  • Create a .bat file with the following two commands and save it in the Web Access folder on the cluster drive. These commands restart IIS on cluster failover.

    • net stop W3SVC

    • net start W3SVC

  • In cluster > role > configure role > choose 'Generic Script' role.

  • Give the role a name > location of the .bat file > assign a new IP address (available from the network) for the role > attach the Sectona Web Access cluster drive > Finish. (In the event of a failover, the cluster drive is moved from the Primary node to the Failover node. This triggers the configured role, which runs the batch file and restarts IIS.)

  • You are required to update the Web Access Node setting to point to the cluster IP. Follow this procedure to update it:

    • Log in to the Sectona PAM portal as an administrator.

    • Go to System → System Status → App Services and start the service called SystemHighAvailabilityService.

    • Click on the High Availability option on the left side menu and select the Application option.

    • Click on the + Add Node button and fill in the required details. The attributes to be filled in for adding a node are listed in the table below.

    • Make sure you tick the Active tick box to activate the node.

    • Click on the Save button to add the node. The added node will appear on the High Availability screen.

| Attribute | Recommended setting |
| --- | --- |
| Host Name | Enter the hostname of the HA server |
| Port | Enter the port number for the HA server |
| System Role | Select the role as 'Primary' from the drop-down |
| IP Address | Enter the cluster IP address of the server |
| URL | This is normally DNS or server name |
| Priority | Select the priority from the drop-down as 1 |
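
Two of the prerequisites above can be checked on both nodes before the first failover test: the World Wide Web Publishing Service start type must be 'Manual', and the HA IP address must be statically configured rather than leased over DHCP. The following PowerShell script is an added example, not part of Sectona's documentation; the node names and IP addresses are placeholders, and it assumes PowerShell remoting (WinRM) is enabled on both nodes.

```powershell
# Added example: pre-flight check for the Windows clustering prerequisites.
# Node names and HA IP addresses are placeholders (assumptions), not values from the guide.
$Nodes = @(
    @{ Name = 'PAM-NODE1'; HaIp = '192.0.2.11' },
    @{ Name = 'PAM-NODE2'; HaIp = '192.0.2.12' }
)

function Test-WebAccessNode {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $HaIp
    )
    # Runs on the remote node; requires WinRM remoting (assumption).
    Invoke-Command -ComputerName $ComputerName -ArgumentList $HaIp -ScriptBlock {
        param($HaIp)
        # Win32_Service.StartMode reports 'Auto', 'Manual' or 'Disabled' for W3SVC.
        $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='W3SVC'"
        # PrefixOrigin is 'Manual' for a static address and 'Dhcp' for a leased one.
        $addr = Get-NetIPAddress -IPAddress $HaIp -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Node         = $env:COMPUTERNAME
            IisStartMode = "$($svc.StartMode)"
            IisManual    = ($svc.StartMode -eq 'Manual')
            HaIpOrigin   = "$($addr.PrefixOrigin)"
            HaIpStatic   = ($addr.PrefixOrigin -eq 'Manual')
        }
    }
}

$results = foreach ($n in $Nodes) {
    Test-WebAccessNode -ComputerName $n.Name -HaIp $n.HaIp
}
$results | Format-Table Node, IisStartMode, IisManual, HaIpOrigin, HaIpStatic -AutoSize

# A node fails if IIS would start on its own at boot or if its HA address is not static
# (an address that is missing from the node also counts as a failure).
$failed = $results | Where-Object { -not ($_.IisManual -and $_.HaIpStatic) }
if ($failed) {
    Write-Warning ("Prerequisites not met on: " + ($failed.Node -join ', '))
    exit 1
}
```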

Using internal load balancing

Sectona has built-in application load balancing in which two Web Access nodes are configured in Active-Active mode with a defined priority. The priority 1 (P1) node always takes the client request and checks the number of sessions running on each node and the resource utilization to determine which node will process the request. The node with fewer concurrent sessions and lower resource utilization than the other nodes serves the request. In case of node failure, the online node becomes the P1 node and serves all incoming requests. Sectona supports 1+1 node for failover.

Adding Priority-1 Node

This section helps you add the primary P1 node in your application:

  • Log in to the Sectona PAM portal as an administrator.

  • Go to System → System Status → App Services and start the services called SystemHighAvailabilityService and WebAppHighAvailabilityService.

  • Click on the High Availability option on the left side menu and select the Application option.

  • Click on the +Add Node button and fill in the required details. The attributes to be filled in for adding a node are listed in the table below.

  • Make sure you tick the Active tick box. Click on the Save button to add the node. The added node will appear on the High Availability screen.

| Attribute | Description |
| --- | --- |
| Host Name | Enter the hostname of the Primary (P1) node. |
| Port | Enter the port number for the Primary (P1) node. |
| System Role | Select the role as 'Primary' from the drop-down |
| IP Address | Enter the IP address of the Primary (P1) node. |
| URL | Provide the URL for the Primary (P1) node. |
| Priority | Select the priority from the drop-down as 1 |

Adding Priority-2 Node

This section helps you add the primary P2 node in your application:

  • Log in to the Sectona PAM portal as an administrator.

  • Click on the High Availability option on the left side menu and select the Application option.

  • Click on the +Add Node button and fill in the required details. The attributes to be filled in for adding a node are listed in the table below.

  • Make sure you tick the Active tick box. Click on the Save button to add the node. The added node will appear on the High Availability screen.

| Attribute | Description |
| --- | --- |
| Host Name | Enter the hostname of the Primary (P2) node. |
| Port | Enter the port number for the Primary (P2) node. |
| System Role | Select the role as 'Primary' from the drop-down |
| IP Address | Enter the IP address of the Primary (P2) node. |
| URL | Provide the URL for the Primary (P2) node. |
| Priority | Select the priority from the drop-down as 2 |

External Load Balancing

External load balancing is configured using a hardware or software load balancer with a specialized operating system that distributes web application traffic across a cluster of application servers. Hardware load balancers are implemented at Layer 4 (Transport layer) and Layer 7 (Application layer). At Layer 4, the load balancer uses TCP, UDP, and SCTP transport-layer protocol details to decide which server the data is sent to. At Layer 7, it forms an ADN (Application Delivery Network) and passes requests to the servers according to the type of content. When configuring Sectona Web Access with an external load balancer, it is important to configure session stickiness (also known as session persistence), a process in which the load balancer creates an affinity between a client and a specific network server for the duration of a session. Sectona supports 1+n node in an external load balancer for failover.

You are required to update the Web Access Node setting to point to the load balancer IP. Follow this procedure to update it:

  • Log in to the Sectona PAM portal as an administrator.

  • Go to System → System Status → App Services and start the service called SystemHighAvailabilityService.

  • Click on the High Availability option on the left side menu and select the Application option.

  • Click on the + Add Node button and fill the required details. Following are the attributes to be filled for adding a node:

| Attribute | Description |
| --- | --- |
| Host Name | Enter the hostname of the HA server |
| Port | Enter the port number for the HA server |
| System Role | Select the role as 'Primary' from the drop-down |
| IP Address | Enter the Load balancer IP address of the server |
| URL | Provide the URL for the HA server |
| Priority | Select the priority from the drop-down as 1 |

  • Make sure you tick the Active tick box. Click on the Save button to add the node.