Load Balancing the Smartcrypt Manager

The Smartcrypt Manager can run behind a network load balancer. This configuration allows the Smartcrypt Manager to handle more load, because web traffic is distributed evenly across the Smartcrypt Manager instances. Deploying a load-balanced environment requires additional software and system configuration.


Network Load Balance Setup

Pre-requirements

  1. Several Windows servers on which the Smartcrypt Manager will be installed.
    1. Each system needs a distinct hostname and two network interfaces, each with a static IP address.
  2. An extra IP address not used by any server, and a public hostname which your clients will use.

Instructions on Setup

  1. Set up all Windows servers to run the Smartcrypt Manager, following the installation instructions.
  2. Install the Network Load Balancing feature on each server.
  3. On a Windows server with "Network Load Balancing Tools" (which should be installed after step 2 above), run "nlbmgr" to open the Network Load Balancing Manager. Note: if the Smartcrypt Manager runs on Windows Server Core, you will need to do the configuration from a Windows Server GUI environment with Network Load Balancing Tools enabled.
  4. From the menubar in the Network Load Balancing Manager, choose Cluster -> New.
  5. On the "Connect" page, type the hostname of one of the Smartcrypt Manager instances and press Connect, then select "Local Area Connection" in the list (there should also be "Local Area Connection 2" - don't select that) and press Next.
  6. At the "Host Parameters" page, confirm the IP address / subnet mask (they shouldn't need to be changed) and press Next.
  7. At the "Cluster IP Addresses" page, press Add and enter in the extra IP address, then press Next.
  8. At the "Cluster Parameters" page, confirm that the IP address matches what you entered on the previous page, type your public hostname in the "Full Internet Name" box, choose the desired operation mode (Multicast or Unicast), and press Next.
  9. At the "Port Rules" page, press Edit and confirm that the settings are appropriate, then press Finish.
    1. Select "Single" affinity to keep each client talking to the same Smartcrypt Manager instance. If you select "Network" affinity, you will need to use Memcached to provide a shared cache.
    2. By default, the port rule forwards all TCP and UDP ports. You might want to narrow it down to just TCP 443.
  10. The cluster should now appear in the left pane. Right-click it and choose "Add Host to Cluster".
  11. Repeat steps 5-6 above, specifying the next server.
  12. In the IIS Manager on each Smartcrypt Manager, configure each IIS instance to use a specific Service Account (on Active Directory) for its Application Pool identity.
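
The same cluster can be built with the NLB PowerShell cmdlets instead of the Network Load Balancing Manager. The script below is an added example, not part of the Smartcrypt documentation. It covers steps 2 and 4-11, replaces the default all-ports rule with a single TCP 443 rule using "Single" affinity, and then checks that no other rule remains. The hostnames, IP address, subnet mask and public hostname are placeholders.

```powershell
# Added example: scripted equivalent of steps 2 and 4-11 above.
# Run from an elevated PowerShell session on a server that has the
# Network Load Balancing Tools installed.
# All values in this block are placeholders; replace them with your own.
$Nodes       = @('SCM-NODE1', 'SCM-NODE2')  # placeholder Smartcrypt Manager hostnames
$Interface   = 'Local Area Connection'      # interface selected in step 5
$ClusterIP   = '192.0.2.50'                 # placeholder for the extra IP address
$SubnetMask  = '255.255.255.0'              # placeholder
$ClusterName = 'smartcrypt.example.com'     # placeholder for the public hostname
$Mode        = 'Multicast'                  # or 'Unicast' (step 8)

# Step 2: install the NLB feature and its management tools on every server.
foreach ($node in $Nodes) {
    Install-WindowsFeature -Name NLB -IncludeManagementTools -ComputerName $node
}

Import-Module NetworkLoadBalancingClusters

# Steps 4-8: create the cluster on the first server.
$cluster = New-NlbCluster -HostName $Nodes[0] -InterfaceName $Interface `
    -ClusterName $ClusterName -ClusterPrimaryIP $ClusterIP `
    -SubnetMask $SubnetMask -OperationMode $Mode

# Step 9: remove the default rule (all TCP and UDP ports) and
# forward only TCP 443 with "Single" affinity.
$cluster | Get-NlbClusterPortRule | Remove-NlbClusterPortRule -Force
$cluster | Add-NlbClusterPortRule -StartPort 443 -EndPort 443 `
    -Protocol Tcp -Mode Multiple -Affinity Single

# Steps 10-11: add the remaining servers to the cluster.
foreach ($node in ($Nodes | Select-Object -Skip 1)) {
    $cluster | Add-NlbClusterNode -NewNodeName $node -NewNodeInterface $Interface
}

# Check: report any port rule that is not the TCP 443 / Single affinity rule.
$unexpected = $cluster | Get-NlbClusterPortRule | Where-Object {
    $_.StartPort -ne 443 -or $_.EndPort -ne 443 -or
    $_.Protocol -ne 'Tcp' -or $_.Affinity -ne 'Single'
}
if ($unexpected) {
    Write-Warning 'Unexpected NLB port rules found:'
    $unexpected | Format-Table StartPort, EndPort, Protocol, Mode, Affinity
} else {
    Write-Output 'Only TCP 443 with Single affinity is forwarded.'
}
```

The final check can be rerun on its own after any later change to the cluster. Step 12, the Application Pool identity, is still configured in the IIS Manager on each server.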