The Smartcrypt Manager supports being used in a network load balancer. This configuration will allow the Smartcrypt Manager to handle more load as the web traffic is evenly distributed to each of the Smartcrypt Manager instances. To successfully deploy a load balanced environment, addition software and system(s) configuration is required. 


Network Load Balance Setup

Pre-requirements

  1. Several Windows servers on which the Smartcrypt Manager will be installed.
    1. Each system needs a distinct hostname and two network interfaces, each with a static IP address.
  2. An extra IP address not used by any server, and a public hostname which your clients will use.


Instructions on Setup

  1. Set up all Windows servers to run the Smartcrypt Manager, following the installation instructions.

    Windows server management roles and features wizard
  2. Install the Network Load Balancing feature on each server.
  3. Install Network Load Balancing Tools on each server.
  4. Run "nlbmgr" to open the Network Load Balancing Manager.
    Note - if you are using Windows Server Core environments for the Smart Manager, you will need to do the configuration from Windows Server GUI environment with Network Load Balancing Tools enabled.
  5. From the menubar in the Network Load Balancing Manager, choose Cluster > New.
  6. On the "Connect" page, type the hostname of one of the Smartcrypt Enterprise Manager instances; click Connect. Select "Local Area Connection" in the list (Not "Local Area Connection 2"). Click Next.

    Cluster config wizard

  7. At the "Host Parameters" page, confirm the IP address / subnet mask.  Click Next.



  8. At the "Cluster IP Addresses" page, click Add and enter in the extra IP address. Click Next.

    Cluster IP addresses and subnetCluster IP address endpoint configuration

  9. At the "Cluster Parameters" page, confirm that the IP address matches what you entered on the previous page, type your public hostname in the "Full Internet Name" box. Choose the desired Cluster Operation Mode (Multicast or Unicast), and click Next.

    Define cluster hostname

  10. At the "Port Rules" page, click Edit and confirm that the settings are appropriate, then click Finish.
    Notes: Under Filtering Mode, Select Single affinity to keep each client talking to the same Smartcrypt Manager instance. If you select Network, you need to use Memcached to provide a shared cache.
    By default, Port Range forwards all TCP and UDP ports - you might want to narrow it down to just TCP 443.

    Set cluster ports and affinity

  11. The cluster should now appear in the left pane. Right-click it and choose Add Host to Cluster.
  12. Repeat steps 5-6 above, specifying the next server.
  13. In the IIS Manager on each Smartcrypt Enterprise Manager, configure each IIS instance to use a specific Service Account (on Active Directory) for its Application Pool identity.

    Set service account for application pool