11:52 a.m.
I'd like to put some load balancers in front of a set of TPS instances (acting as a
single virtual TPS) and in front of the CAs that would issue the actual certs. The
balancers would be more for reliability and uptime than performance.
Are there any limitations I need to know about? Is it possible to have multiple TPS
instances talk to a single TKS instance?
/B
12:47 p.m.
bob.lord(a)gmail.com wrote:
I'd like to put some load balancers in front of a set of TPS
instances
(acting as a single virtual TPS) and in front of the CAs that would
issue the actual certs. The balancers would be more for reliability
and uptime than performance.
Are there any limitations I need to know about? Is it possible to
have multiple TPS instances talk to a single TKS instance?
/B
------------------------------------------------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
You can have load balancers in front of TPS instances. Two things I'd
like to call to your attention:
1. Between ESC and TPS, HTTP chunked encoding is used, so your load
balancer needs to support that.
2. The phone home url on the ESC needs to point to the load balancer.
Christina
3:25 p.m.
On Fri, Sep 12, 2008 at 10:47 AM, Christina Fu <cfu(a)redhat.com> wrote:
bob.lord(a)gmail.com wrote:
> I'd like to put some load balancers in front of a set of TPS instances
> (acting as a single virtual TPS) and in front of the CAs that would issue
> the actual certs. The balancers would be more for reliability and uptime
> than performance.
> Are there any limitations I need to know about? Is it possible to have
> multiple TPS instances talk to a single TKS instance? /B
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
>
You can have load balancers in front of TPS instances. Two things I'd like
to call to your attention:
1. Between ESC and TPS, HTTP chunked encoding is used, so your load
balancer needs to support that.
2. The phone home url on the ESC needs to point to the load balancer.
The load balancers are (usually) transparent, so I'd still point them to
tps.corp.example.com, and the load balancer would deal with the connection
consistency, right? Let me know if I'm not thinking about this right.
-Bob
7:25 a.m.
Bob Lord wrote:
On Fri, Sep 12, 2008 at 10:47 AM, Christina Fu <cfu(a)redhat.com
<mailto:cfu@redhat.com>> wrote:
bob.lord(a)gmail.com <mailto:bob.lord@gmail.com> wrote:
I'd like to put some load balancers in front of a set of TPS
instances (acting as a single virtual TPS) and in front of the
CAs that would issue the actual certs. The balancers would be
more for reliability and uptime than performance.
Are there any limitations I need to know about? Is it possible
to have multiple TPS instances talk to a single TKS instance? /B
------------------------------------------------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com <mailto:Pki-users@redhat.com>
https://www.redhat.com/mailman/listinfo/pki-users
You can have load balancers in front of TPS instances. Two things
I'd like to call to your attention:
1. Between ESC and TPS, HTTP chunked encoding is used, so your load
balancer needs to support that.
2. The phone home url on the ESC needs to point to the load balancer.
The load balancers are (usually) transparent, so I'd still point them to
tps.corp.example.com <http://tps.corp.example.com>;, and the load
balancer would deal with the connection consistency, right? Let me know
if I'm not thinking about this right.
Not sure if my scanrio is the same, but sometime ago, I tried to
configure a load balancer between two CA instances. Ex the load balancer
was trying to send traffic to ca1.example.com and ca2.example.com. The
client saw it as a man in the middle attack (as the client was going to
ca.example.com). Tried different things to make it work but without
success.
-Satish.
-Bob
------------------------------------------------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
5950
days inactive
5953
days old
3 comments
4 participants
participants (4)
-
Bob Lord -
bob.lord@gmail.com
-
Christina Fu -
Satish Chetty