Hi Rob,<br><br>At Brandeis we're running Cisco ACE 30 modules inside of our Cisco 7200 switches. They're tremendously overkill for what we use them for--about 20 different applications, which are mostly HTTP/S, LDAP/S, or DNS. For authentication, we use them in conjunction with our SSO system, Cosign (UMich), which is HTTPS on the user-facing end, but also HTTPS between the login servers and all the other servers. We also use them to load-balance queries against OpenLDAP servers.<br>
<div><br></div><div>At this point, the ACE is EOL, so I don't think you'd be able to purchase any, but we certainly are able to load-balance both LDAPS and HTTPS. I'd imagine it's possible with just about any other solution.</div>
<div><br></div><div>Depending on your apps, you'll want to keep persistent (or "sticky") sessions in mind--some things only maintain their sessions on a single node of your load-balanced cluster, so all subsequent communication has to come back to the same spot. We're also moving stuff out into EC2, so local load balancers obviously don't do the job there.</div>
<div><br></div><div>If you're running anything like OpenStack, CloudStack, or Eucalyptus, they'll often have their own load balancers, too.</div><div><br></div><div>John<br><div><div><br><div class="gmail_quote">On Mon, Mar 11, 2013 at 10:53 PM, Rob Taylor <span dir="ltr"><<a href="mailto:rgt@wi.mit.edu" target="_blank">rgt@wi.mit.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Guys. We have some applications here that either can't or can't easily support connections to redundant servers for authentication,<br>
and another application that has been known to beat the tar out of the single authentication server it uses.<br>
I was asked to look into it and some talk had came up about looking into a load balancer for distributing the load, or at least making it so that the less capable clients can failover to another server.<br>
I'm sure we would find other uses for it besides this, like web redirection during server outages/maintenance, and possibly distributing logins to cluster login nodes.<br>
<br>
Right now, our needs are pretty meager. I've started looking at a some software ones, like balanceNG, HAproxy, to see what they can do.<br>
I've also downloaded a demo of stingray, which used to be known as Zeus.<br>
Coyote point also makes a very inexpensive starter hardware model, $2k list.<br>
I've got cisco gear in house, but none that seem to support SLB or I would have looked at that as well.<br>
<br>
Load balancers are a technology that I've never really had a chance to play with, so I don't really know what to look for and what to avoid.<br>
Can anyone out there provide any insight on products that they have used, what they have used them for and their experiences?<br>
<br>
Thanks.<br>
<br>
rgt<br>
<br>
Whitehead Network/System Administrator<br>
<br>
_______________________________________________<br>
bblisa mailing list<br>
<a href="mailto:bblisa@bblisa.org">bblisa@bblisa.org</a><br>
<a href="http://www.bblisa.org/mailman/listinfo/bblisa" target="_blank">http://www.bblisa.org/mailman/listinfo/bblisa</a><br>
</blockquote></div><br></div></div></div>