Network Load Balancing

Topics: Architecture, Security, Setup
May 15, 2008 at 3:08 PM
Dear,

I've searched for any discussions on NLB setup but couldn't find any.
I'm trying to set up the application "LitwareHR" in a network load balancing environment, and I need any articles or a procedure I should follow to complete this. I've already tried serializing the session into SQL and set up the NLB environment, but I was stuck with the error=sts.

Thanks in advance.
May 20, 2008 at 7:06 AM
The configuration of the STS here uses wsFederation, which does not support load balancing since it uses a secure session. So kindly, guys, how can I make the same configuration using a custom binding for this app in order to support load balancing?

Thanks..
Coordinator
Jun 12, 2008 at 4:12 PM


Hamdan wrote:
The configuration of the STS here uses wsFederation, which does not support load balancing since it uses a secure session. So kindly, guys, how can I make the same configuration using a custom binding for this app in order to support load balancing?

Thanks..


You could still configure NLB with affinity. So you will get balancing, but clients will stick to the server they initiated the session with.
Jul 7, 2008 at 6:08 PM
OK, NLB can be configured this way, but reliability is an essential factor of SaaS if you are going to convince the long tail, isn't it? So isn't there a reliable NLB configuration you recommend, other than "with affinity", which suits the WCF architecture LitwareHR is built on? After all, it's something that we can't hide from: this kind of application is not meant to be installed on a single server!
Coordinator
Jul 15, 2008 at 5:32 PM
I understand. Honestly, I don't know off the top of my head, but I will do some research.

There are 2 layers though: the web sites and the web services. Nothing should prevent you from using NLB with no affinity on the web sites. What we are talking about here is what happens between the sites and the WCF web services, which, as Hamdan says, use wsFederationBinding. I need to dig into the WCF docs to see how you can achieve this.

aakshir wrote:
OK, NLB can be configured this way, but reliability is an essential factor of SaaS if you are going to convince the long tail, isn't it? So isn't there a reliable NLB configuration you recommend, other than "with affinity", which suits the WCF architecture LitwareHR is built on? After all, it's something that we can't hide from: this kind of application is not meant to be installed on a single server!


Aug 18, 2008 at 9:06 AM
Haven't you found any solution for the STS and load balancing issue with no affinity?
Sep 2, 2008 at 1:42 PM
Well, I think the perfect scenario is to isolate the STS services (Authentication and Authorization) from the other secure services. This would mean the STS will reside on one machine, the services on Machine #2 (load balanced) and the website (client) on another, Machine #3 (load balanced). The way Litware is configured for now is to operate all on one machine. You can also separate the whole services, including the STS, from the client (website), and this will also work. But for the scenario that I described in the beginning, the application would not work and will throw ([MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. This fault may have been sent in response to an improperly secured request. See the inner FaultException for the fault code and detail.]). I'm stuck here and hopefully our friends @ codeplex will solve it?
Sep 11, 2008 at 2:10 PM
Finally, I've solved it and it's working like magic!
Apr 8, 2010 at 4:41 PM

aakshir: 

How did you solve it? What bindings did you use?

Could you please post the config files that you used?

I am having the same scenario, using a custom STS in an NLB, a WCF services layer on another NLB, and web apps also in NLB.

Apr 12, 2010 at 12:17 PM

Hi Gerardog,

I’m sorry I wasn’t able to reply sooner; I was so busy on my end (fixing my own never-ending problems).

But what I did was:

· The certificate used to secure the service should be exported as (.pfx) and imported into the other machines you’re planning to deploy on.

· I’ve written methods to serialize and deserialize the SAML tokens in order to be able to store them in the session object (since I’m using SQL for sessions in order to let the NLB work).

Hope this helps and let me know if it worked for you.

Thanks,

Ahmad
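
The two steps described in the last post, sketched as an added example; this is not the poster's code and not part of LitwareHR. The class and method names are hypothetical, and it assumes the token held in session is a `SamlSecurityToken`, that the STS certificate was imported into the LocalMachine\My store on every node, and that the caller supplies its thumbprint.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;
using System.Text;
using System.Xml;

// Added example (hypothetical names): round-trips a SAML token through a
// string so it can live in SQL-backed session state shared by all NLB nodes.
public static class SamlSessionCodec
{
    // Assumption: the same STS certificate is installed on every node.
    public static X509Certificate2 LoadStsCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count != 1)
                throw new InvalidOperationException("STS certificate not installed on this node.");
            return found[0];
        }
        finally { store.Close(); }
    }

    // Writes the token as XML text; no XML declaration, no re-indentation.
    public static string Serialize(SecurityToken token)
    {
        var xml = new StringBuilder();
        using (var writer = XmlWriter.Create(xml, new XmlWriterSettings { OmitXmlDeclaration = true }))
            WSSecurityTokenSerializer.DefaultInstance.WriteToken(writer, token);
        return xml.ToString();
    }

    public static SecurityToken Deserialize(string xml, X509Certificate2 stsCertificate)
    {
        // The resolver lets key references to the STS certificate be resolved.
        var known = new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(stsCertificate) });
        var resolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(known, false);
        SecurityToken token;
        using (var reader = XmlReader.Create(new StringReader(xml)))
            token = WSSecurityTokenSerializer.DefaultInstance.ReadToken(reader, resolver);
        // Session state can outlive the token: refuse one that has expired.
        if (token.ValidTo < DateTime.UtcNow)
            throw new SecurityTokenException("Stored SAML token has expired.");
        return token;
    }
}
```

The stored string is a credential in its own right, so the session database and the connection to it need the same protection as the token itself.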