Load Balanced Deployment
Note: Load balanced deployment is only supported on Inbound SOTI Cloud Link Agent connections.
To improve high availability or scalability, you can load balance SOTI Cloud Link Agent communication using a common network appliance.
Note: While a combination of reverse proxy and load balancing is possible, the following example only demonstrates a simple load balanced deployment.
In this topology, the SOTI ONE application makes requests to the load balancer, which distributes them across multiple SOTI Cloud Link Agents. Because the load balancer is transparent to the SOTI ONE application, mutual authentication is established directly between the SOTI ONE application and the SOTI Cloud Link Agent.
Note: SOTI Cloud Link Agent communication is stateless, so sticky sessions are not required. Because any agent can therefore receive a request, it is important that each SOTI Cloud Link Agent has a server certificate that matches the load balancer's fully qualified domain name (FQDN).
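One way to check the certificate requirement in the note above before putting agents behind the load balancer. This is an added example, not SOTI code. The host names and sample certificate data are constructed, and the optional client certificate arguments assume the agent asks for one during the mutual authentication handshake.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS subjectAltName entries from an ssl.getpeercert()-style dict."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, fqdn):
    """Exact match, or one left-most '*' label standing in for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    f = fqdn.lower().rstrip(".").split(".")
    if len(p) != len(f):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level domain such as '*.com'.
        return len(p) > 2 and p[1:] == f[1:]
    return p == f

def cert_covers(cert, lb_fqdn):
    return any(name_matches(n, lb_fqdn) for n in san_dns_names(cert))

def audit(agent_certs, lb_fqdn):
    """Return the agents whose certificate does NOT cover the load balancer FQDN."""
    return sorted(a for a, c in agent_certs.items() if not cert_covers(c, lb_fqdn))

def fetch_cert(agent_addr, lb_fqdn, client_cert=None, client_key=None, port=443):
    """Connect straight to one agent (bypassing the load balancer), send the
    load balancer FQDN as SNI, and return the certificate the agent presents."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared in audit()
    if client_cert:             # assumption: agent requests a client certificate
        ctx.load_cert_chain(client_cert, client_key)
    with socket.create_connection((agent_addr, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=lb_fqdn) as tls:
            return tls.getpeercert()

# Constructed sample data shaped like fetch_cert() output; not from a real deployment.
LB_FQDN = "cloudlink.example.com"
SAMPLE_CERTS = {
    "agent-host-1": {"subjectAltName": (("DNS", "cloudlink.example.com"),)},
    "agent-host-2": {"subjectAltName": (("DNS", "agent2.corp.example.com"),)},
    "agent-host-3": {"subjectAltName": (("DNS", "*.example.com"),)},
}

if __name__ == "__main__":
    for agent in audit(SAMPLE_CERTS, LB_FQDN):
        print(f"{agent}: certificate does not match {LB_FQDN}")
```

An agent flagged here would fail the handshake only on the requests the load balancer happens to route to it, which shows up as intermittent connection errors rather than a clean outage.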
The following diagram illustrates the Load Balanced SOTI Cloud Link Agent Communication deployment option.
Network Requirements
Review the communication requirements for load balanced SOTI ONE application to SOTI Cloud Link Agent communication.
Bold text indicates required communication.
Protocol | Source | Source Port | Destination | Destination Port |
---|---|---|---|---|
HTTPS | SOTI ONE application | 443 | Load Balancer | 443 |
HTTPS | Load Balancer | 443 | SOTI Cloud Link Agent Host 1 / 2 | 443 |
LDAPS | SOTI Cloud Link Agent Host 1 / 2 | 636 | AD | 636 |
HTTPS | SOTI Cloud Link Agent Host 1 / 2 | 443 | ADCS | 443 |
DCOM | SOTI Cloud Link Agent Host 1 / 2 | 135 | ADCS | 135 |