vCloud Automation Center 6 Load Balancer configuration

Every Distributed vCloud Automation Center 6 installation involves configuring load balancing at several levels. As load balancers have historically been the responsibility of the network team, many virtualization/server admins are not comfortable with them.  Further, if your load balancing request is not clear and detailed the network team will return the request back and ask for more clarifications and any extra required details. This seems to give many Cloud/Virtualization admins a hard time when trying to complete a vCloud Automation 6 Distributed install. In a try to help the rest of us get the info they need to pass to the network team to configure the load balancing required to complete a vCAC Distributed install, I will try to provide as much details required in this post.

Let’s start by trying to figuring out where do we need to plug in our load balancers, and which components we need to load balance. How about a diagram which present where load balancers fit in a vCAC Distributed install:

vCAC Distributed install Load balancer

 Below is the required configuration for load balancing vCloud Automation Center 6 at each level:

vCloud Automation Center Appliance (VIP):

The vCAC Appliances will be setup in an Active/Active configuration with the below configuration:

  • Transport Protocol: Https (443)
  • Load balancing Method: Least Response Time
  • Enable session affinity or sticky session  (Source IP or Cookies)
  • Health Check URL: https://<Your vCAC Appliance FQDN>      Ex: https://vcacapp01.vt.com

IaaS Windows Virtual Machine (Model Manager and Web Service) – VIP:

  • Transport Protocol: Https (443)
  • Load balancing Method: Least Response Time
  • Enable session affinity or sticky session
  • Health Check URL: https://<Your IaaS Web Machine FQDN>      Ex: https://iaasweb01.vt.com

IaaS Windows Virtual Machine (Manager Service) – VIP:

  • Transport Protocol: Https (443)
  • Load balancing Method: Failover
  • Session affinity or stick session will not be setup for Manager Service as it is active passive and the passive node should have no requests sent to it at all.
  • Health Check URL: https://<Your Manager Service FQDN>/VMPS2               Ex: https://iaasmgr01.vt.com/VMPS2

vCAC Distributed Install Load Balancer
Few more questions I have frequently encountered when discussing load balancers in vCAC 6 environment

  • Do you want to pass HTTPS right through to end server or terminate the HTTPS session at the load balancer?

Both configuration work, though I have noticed most customers go with a pass through configuration as it seems to be the easier to achieve as well it scale well as it distributes the SSL Termination workload across multiple VMs rather than it being solely processed by a single  load balancer. On the other hand, the main advantage of SSL Termination on the load balancer is that the load balancer can add extra security feature at layer 7 as it can block requests that is coming on port 443 but not being HTTPS (Please note this assume your load balancer support such a feature F5 for example support such feature).

  • How do you configure session affinity/persistence for IaaS Web & vCAC Appliance?

Source IP seems to be used most often being the easiest to setup and being available on most load balancers, though cookies based affinities/persistence is another way of achieving the same result.

  • For “Manager Service” you indicate load balancing is failover.  Will both severs be up and running and responding to a health monitor?

Manager Service is  Active/passive, where only a single Manager Service handle all the requests. The heath monitor address provided will only be a life on a single machine at a time.  Manager Service is actually only running on one machine where it is off on the second machine and has to be started manually in case of failure.

  • What about DEM Worker & Proxy Agents?

For those who looked at the components involved in a vCAC Distributed install, you will noticed I have not mentioned the DEM Worker or Proxy Agents. Both of these components are Active/Active, but how the load is distributed to them is managed internally by vCAC and does not required any load balancer interaction and hence not mentioned earlier in this blog post.

Hope this help at least one person save time getting the load balancing part of vCAC Distributed setup completed. If you are that person, please make my day and leave me a comment with your feedback.

Comments

  1. Great post! What do you recommend using hardware or software based load balancing solutions for vCAC?

  2. Ivo, It seems to have always dependent on what is my customer is familiar with, as both seems to do as a good of a job. In particular that many of the hardware load balancer vendors are coming up with their own software versions. On the other hand, if you currently don’t have a load balancer and looking for a cheaper alternative, software load balancer seems to come at a cheaper cost most of the time and that in turn allow you to shed the extra cash for getting a redundant configuration and to protect it the same way you protect your other VMs. I have noticed software load balancers taking over lately due to these advantages.

  3. Jens Mattfeld says:

    Hi, one question that I have in regards of load balancing. Can I put Iaas Web Component and Manager Service on one VM? Meaning that I have 2 VMs with both Web Component and Manager Service installed and then setup the loadbalancers for each of them? How do the loadbalancers address the Web Component and the Manager service then?

    thanks, Jens

  4. Hi Jens,

    I know that is supported and workable. Actually this is how they have done it in the reference architecture. You can load balance the Web server and leave the Manager Service without a load balancer as you will have to fail it over manually any way or you can setup a different VIP for each service.

    Hope this help.

    Thanks,
    Eiad

  5. Eiad:

    What do you, or your customers, do to ensure that only one instance of the manager service is running?

  6. Kalyan Ponugoti says:

    Hi Eiad,

    What we need mention in “Iaas Server field” under “Model Manager Data” tab when we install IaaS web and Model Manager components on first server? Is that VIP name or the same server where we are installing the components?

    Thanks,
    Kalyan

  7. Kalyan, That would be the VIP.

Speak Your Mind

*

Sponsors