Load Balancing SPP Access

Can we configure Access to SPP (thick client or web) behind a load balancer? Ideally, we are looking at some way to allow user continuous access without user going to another IP when one of the node is down. Any recommendation what's the best approach to tackle this? Thanks!

Parents
  • Hi Cyril

    The Simple answer is yes it is possible to place Load Balancer(s) in front of the SPPp appliances to achieve what you are looking for..

    All connections to the Safeguard solution are made over SSL. No other connection protocols are supported.

    As the load balancer(s) will be deployed in front of the Safeguard solution, the termination point of the SSL traffic would depend on the type of Load Balancer used. SSL certificate will need to be installed in the relevant locations.

    There are numerous API endpoints that can provide information that can be used to provide data that can be used when developing Load Balancer configuration.

    All of them are accessed via a simple web page request.

    The ApplianceStatus endpoint API will provide basic information on the status of the appliance.

    Access to this API does not require authentication..

    The Cluster/Status/PlatformTaskLoadStatus endpoint API shows how many platform tasks (check, change, SSH key changes, discoveries, so forth) are queued or running, and gives information about threads being used to run them.

    Access to this API requires authorization.

    It also requires a user with OperationsAdmin or Auditor permission.

    To access this or other API’s that require authentication then a task with a user configured to use certificate based authentication could be created and assigned the relevant permissions.

    The Safeguard API interface provides the ability to 'copy and paste' the URLs required to access the API’s as well as offering a 'try it out' button to show the kind of response that will be receive for each API function.

    One Identity do not provide sample Load Balancer configurations.

    Here are a couple of examples of the output given by the ApplianceStatus and the Appliance/Health API's taken from a my test system a while back that could be used to help with your Load Balancer configuration

    GET /v2/ApplianceStatus

    Request URL https://192.168.0.105/service/appliance/v2/ApplianceStatus

    Response

    {"Identity":"000C299C0797","Name":"SG-000C299C0797","InstalledLicenses":[{"Type":"Trial","Module":"PasswordManagement","IsValid":true,"Expires":"2018-10-31T23:59:59Z"},{"Type":"Trial","Module":"SessionManagement","IsValid":true,"Expires":"2018-10-31T23:59:59Z"}],"IsReadOnly":false,"RunLevel":"Level5"}

    GET /v2/ApplianceStatus/Health

    Request URL https://192.168.0.105/service/appliance/v2/ApplianceStatus/Health

    Response

    {"ApplianceId":"000C299C0797","AuditLog":{"Error":null,"Status":"Healthy"},"CheckDate":"2018-09-26T22:29:47.1000523Z","CheckDuration":{"Days":0,"Hours":0,"Milliseconds":952,"Minutes":0,"Seconds":12,"TotalMilliseconds":12952.772200000001},"ClusterCommunication":{"Error":null,"Status":"Healthy"},"ClusterConnectivity":{"Error":null,"Status":"Healthy","NodeConnectivity":[]},"Name":"SG-000C299C0797","NetworkInformation":{"Ipv4Address":"192.168.0.105","Ipv6Address":null,"LinkPresent":true,"LinkSpeedMbps":1000,"MacAddress":"000C299C0797"},"AccessWorkflow":{"Error":null,"Status":"Healthy"},"PolicyData":{"Error":null,"Status":"Healthy"},"ResourceUsage":{"DiskFreeBytes":27855605760,"DiskPercentFree":43.59,"DiskTotalBytes":63898120192,"MemoryFreeBytes":1870536704,"MemoryPercentFree":17.4216022,"MemoryTotalBytes":10736881664,"ProcessorCount":4,"ProcessorPercentUsed":6.35167742,"Temperatures":[]},"SerialNumber":"000C299C0797","State":"Online","UpTime":{"Days":0,"Hours":0,"Milliseconds":836,"Minutes":24,"Seconds":41,"TotalMilliseconds":1481836.0},"Version":{"Major":2,"Minor":3,"Revision":0,"Build":7426,"BuildDate":"2018-08-14T23:14:45.1211132Z","BuildVariant":"prod","BuildPlatform":"vmware","SessionsVersion":{"Version":"5F6","FirmwareVersion":"5.6.0","BuildDate":"2018-04-25T12:38:02Z"}},"SessionsModule":{"Error":null,"Status":"Healthy"}}

    Hope this helps.
    Best regards
    Tim

     

  • Tim, thanks for the details. This info is good to get me started planning for my client. 

Reply Children
No Data