Front-end load balancer

The appliance provides a front-end load balancing function that automatically assigns client requests to the appropriate reverse proxy server based on the specified scheduling algorithm.

In an IBM Security Access Manager environment, you can have many services. Each service has a virtual IP address and a port. Every service is available on one or more real servers. Each server is defined by an IP address and a port. The front-end load balancer maps incoming service requests to real servers.

A front-end load balancer is a server that uses a virtual IP address to accept requests from a client. It determines which reverse proxy server is most suitable to handle the request and forwards it to the appropriate reverse proxy server.

Incoming requests from the same client are forwarded to the same server. That is, the front-end load balancer provides stickiness or persistence for existing sessions. The load balancer uses a scheduling algorithm to forward requests from clients that are not already assigned to a back-end server.

In a typical setup, there are two front-end load balancer servers and multiple reverse proxy servers. Configuring two front-end load balancers in the environment provides high availability for the front-end load balancing service.

A heartbeat is transmitted between the two front-end load balancers so that the state of each front-end load balancer is known. The load balancer that is actively receiving and processing requests is known as the active load balancer. The other load balancer is known as the passive load balancer.

When available, the primary front-end load balancer acts as the active load balancer. It is assigned the virtual IP address for the load balancing service and awaits incoming client requests.

If the primary front-end load balancer becomes unavailable, the backup load balancer can no longer detect heartbeats. In this situation, the backup load balancer assumes the virtual IP address and starts accepting requests from clients. That is, the backup load balancer becomes the active load balancer until the primary load balancer is restored.
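
A toy model of the behavior described above (persistence for known clients, scheduling for new ones, and heartbeat-driven takeover of the virtual IP address), added here as an illustration and not taken from the appliance or from IBM code. Round robin as the scheduling algorithm, the limit of three missed heartbeats, the per-node persistence table, and all names and addresses are assumptions made for the example.

```python
from itertools import cycle

class Node:
    """One front-end load balancer; keeps its own client-to-server table (assumption)."""
    def __init__(self, name, servers):
        self.name, self.up = name, True
        self.sticky = {}              # client IP -> real server (persistence)
        self._next = cycle(servers)   # round robin: stand-in scheduling algorithm

    def route(self, client_ip):
        # Known clients keep their server; only new clients are scheduled.
        if client_ip not in self.sticky:
            self.sticky[client_ip] = next(self._next)
        return self.sticky[client_ip]

class Pair:
    """Primary/backup pair that shares one virtual IP address."""
    def __init__(self, primary, backup, miss_limit=3):
        self.primary, self.backup = primary, backup
        self.miss_limit = miss_limit  # assumed value, not a product default
        self.missed = 0
        self.vip_holder = primary     # primary is active when available

    def tick(self):
        """One heartbeat interval, evaluated from the backup's side."""
        if self.primary.up:
            self.missed = 0
            self.vip_holder = self.primary     # primary restored: active again
        else:
            self.missed += 1
            if self.missed >= self.miss_limit:
                self.vip_holder = self.backup  # backup assumes the virtual IP
        return self.vip_holder.name

    def request(self, client_ip):
        """Return (load balancer, real server), or None if the VIP holder is down."""
        lb = self.vip_holder
        return (lb.name, lb.route(client_ip)) if lb.up else None

# Constructed sample addresses for the reverse proxy servers.
SERVERS = ["10.254.140.11:443", "10.254.140.12:443"]

if __name__ == "__main__":
    pair = Pair(Node("primary", SERVERS), Node("backup", SERVERS))
    print(pair.request("198.51.100.7"), pair.request("198.51.100.7"))
    pair.primary.up = False
    print(pair.request("198.51.100.7"), [pair.tick() for _ in range(3)])
    print(pair.request("198.51.100.7"))
```

In this model, the `None` result marks the window between the primary failing and the backup registering enough missed heartbeats, during which nothing answers on the virtual IP address.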

Figure 1. Front-end load balancer
Note: You can have only two front-end load balancers in your environment.

It is possible to configure the reverse proxy functionality on an appliance that is also acting as a front-end load balancer. However, this configuration might have a negative impact on the performance of the front-end load balancer. If you decide to use such a configuration, you must take the resources that are used by the reverse proxy into consideration.

You must make sure that the front-end load balancer still has enough resources to perform routing effectively.

Figure 2. Example high availability environment
The Web Reverse Proxy and the front-end load balancer functioning on the same appliance

You can configure a highly available web reverse proxy environment with as few as two appliances, as shown in Figure 2. The active load balancer is on the primary appliance. This load balancer assumes the virtual IP address for the load balancing service. Client requests are received from the Internet-facing network, 10.254.140.0. The load balancer distributes these requests between the web reverse proxy servers, which are on the 10.254.140.0 network.