Enterprise load balancing

The enterprise load balancer dynamically allocates managed units to S-TAP® agents based on system load and availability.

Overview

Enterprise load balancing automates several tasks:
  • It dynamically rebalances loaded or busy managed units by relocating S-TAP agents to managed units with lower loads. It balances the load of a group of S-TAPs among a group of managed units.
  • It dynamically manages failover and unavailable managed unit scenarios, relocating S-TAP agents to another managed unit, or units, in its associated group.
  • It evaluates the load of managed units before it assigns those managed units to an S-TAP agent.

See the Load Balancer Events report to review all load balancing activity.

Enterprise load balancing is disabled by default on Guardium® systems.

Enterprise load balancer does not balance the number of S-TAPs, sessions, or traffic. It allocates and moves S-TAPs between managed units to avoid overloading the sniffer process on those Guardium systems. The result is that some managed units have more S-TAPs pointing to them than others.

Note: S-TAP load balancing can be used simultaneously with enterprise load balancing, except for the grid model. For more details on S-TAP load balancing, see Linux-UNIX: S-TAP load balancing models and configuration guidelines and Windows: S-TAP load balancing models and configuration guidelines.

How it works

The enterprise load balancing application works by collecting and maintaining up-to-date load information from all its managed units. This process is called load collection.

It uses the load information to create a load map. This load map provides the data that directs load balancing and managed unit allocation activities. For more information, see Viewing the enterprise load balancing load map.

Load collection errors from specific managed units are recorded in the Load Balancer Events report but do not interfere with the overall load collection and load balancing processes. However, failure to collect load information from a managed unit excludes that managed unit from participation in load balancing processes.

Failover groups

If an S-TAP is requesting a new managed unit to fail over to, the load balancer searches in the associated managed unit group for an available managed unit. If it cannot find a managed unit, it continues its search in the failover groups until it finds one. You can define multiple failover groups.

You can prioritize the failover groups, for a controlled disaster recovery strategy. The load balancer searches for an available managed unit in the failover groups, starting with the group, or groups, whose priority is 1. Priority rule guidelines:
  • The priority list must be sequential starting with 1.
  • Multiple groups can have the same priority.
  • The priorities cannot skip a level. For example, 1,1,2,3 is valid. However, 1,2,4,5 is invalid.

You must specify at least one associated managed unit group before you can specify a failover group association.

Attention: Make sure that all failover groups send their data to the same aggregator to simplify aggregation. (An exception is if you are using a data mart.)
Load is not rebalanced within any one failover group.