Load balancer requirements
View the load balancer requirements for Automation 360 installation. This includes load balancer minimum requirements, and both TCP and HTTPS layer load balancing requirements.
Load balancer minimum requirementsAs a best practice, ensure the load balancer:
- (Required) Supports WebSocket protocol (RFC 6455)
- (Preferred) Uses round-robin host selection and is not configured to use persistent (sticky) sessions.
- (Preferred) Uses the appropriate TLS security layer:
- TCP (layer 4) load balancing
- HTTPS (layer 7) load balancing
With a Nginx load balancer, set HTTPS termination at nodes by changing
- (Preferred) Has idle timeout set to 120 seconds.
The timeout value depends on the process time of various actions in the Control Room such as the time required to check in and check out bots, import bots, and download bot dependencies.
If the idle timeout is less than the Control Room processing time, a browser request can time out. For example, if the configured idle timeout is not sufficient to complete a bot check-in action, you will have to refresh your browser to validate whether the bot check-in action is successful or not.
Load balancer health check parameters
The load balancer health check parameters depend on various factors such as the type of load balancer used, network latency, and user interface responsiveness within and outside the load balancer.
TCP (Layer 4) Load Balancing
When TCP is applied at layer 4 with the load balancer, the certificate is installed on every Control Room corresponding to the load balancer URL.
In the image, Control Room components are shown in orange and other components are shown in blue.
- End-to-end encryption without the possibility of intercept at the load balancer.
- Single certificate required.
- If audit logging is required, the load balancer cannot report the requests from clients.
- Does not use TLS hardware offloading, even if the load balancer supports it.
HTTPS (Layer 7) Load balancing
When HTTPS is applied at layer 7 with the load balancer, the certificate corresponding to the load balancer URL is applied through the load balancer. The Control Room trusts the certificates received from the load balancer.
- Allows request logging, when supported by the load balancer.
- Reduces load from TLS handshake through hardware offloading, when supported by the load balancer.
- Certificates must be managed both on the load balancer and on the control room nodes
- Possible interception of data at the load balancer hardware level, because TLS session is not end-to-end.
For Automation 360 users on release Build 7560 and later, if SSL offloading is applied at load balancer level for communication between load balancer and application nodes, the traefik.toml file in application server needs to be re-configured.