OIT Application Load Balancing Guideline

Scope: OIT
Type: Guideline
Version: 2022-legacy

Goal

TBD

Ownership

Direct questions to the Owner: TBD email redacted

Resources to comply with this standard should be directed via the Executive sponsor: TBD email redacted

Timeline & Enforcement

TBD

Exception Process

TBD

Terminology

Requirements

Original text

This document describes when applications or network servers/services shall use a load balancer for high availability or failover. The term “server/service” is used in a general sense. This document is not a How-To or a decision guide.

Assumption -

  • Available OIT Load Balancing Services
    • F5 in OITDC (HA redundant pair)
    • F5 in CPL (HA redundant pair)
    • F5 in SDSC (single instance for DR)
    • For AWS, OIT is currently using a custom-built Nginx proxy server with Route 53 for new VPC or HAProxy. There are also ELB and ALB technologies available for load balancing. We don’t have F5 configured in AWS.
  • You can also use other load balancers.
  • Which load balancer to use is not within the scope of this guideline.
  • Ensure the load balancer itself is not a single point of failure - it will need a pair.

The big question - What problem are you trying to solve?

When to use a Load Balancer

| When you need | Goal | Benefit | Condition |
|---|---|---|---|
| Load Balance | To improve application or services uptime | To provide service capacity by adding additional servers. To add redundancy. | If there are 2 or more servers supporting the service |
| High availability | To improve application or services uptime with 2 or more services behind the load balancer | Provide optimal service uptime | |
| Failover | Provide uptime during downtime or maintenance windows | To achieve high availability by “failing” existing users to other “good” service. Rotate server in and out of services. | If there are 2 or more servers supporting the service |
| Site to Site Failover | To provide a site to site failover | Site to site failover if there is a warm-standby service on the second site. Need to configure Global Traffic Manager in F5 as DNS for that site. | If there are load balancers of the same type in different data center locations. There will only be layer 3 routing between sites. |
| Availability during maintenance of servers | Same as High Availability | | |
| SSL Offloading | To offload cryptography from the server | Helps to centralize the SSL configuration for all services behind F5. This will help to offload SSL cryptography from the server/service. Centralized maintenance – as certificate renewal is required more frequently, this is simpler and will support automation in the future. | Generally always. Exceptions: back-end services do not support SSL offloading, or extraordinary security concerns dictate encryption behind the F5. |

When not to use a Load Balancer

  • When you have existing application-layer solutions and a load balancer adds no benefit, adds a dependency, and might decrease server availability.
    • When MQ clients connect to an MQ server, MQ already has a failover protocol for more than 1 server. Adding a load balancer will create a dependency on the load balancer and hardware.
    • Active Directory is another example of an application-aware load balancing service. Load balancing or costing can be managed in AD Sites and Services. Another example would be software-defined networking, as that is handled at the application layer.
    • Docker or Vagrant containers
  • When servers or services require clients to be cluster-aware. The failover or load balancing protocols are built into the application layer.
    • The MQ protocol has “cluster-aware” capability built in. Adding a load balancer might not add benefit, but it adds an extra layer of dependency.

To do:

  • Decision workflow
  • Need experience/expertise with the IIS built-in clustering solution vs. adding a load balancer to front the service
  • Document use cases