Automation 360

Load balancer requirements

Download as PDF

Load balancer requirements

Download as PDF

Updated: 2025/10/22

View the load balancer requirements for Automation 360 installation. This includes load balancer minimum requirements, and both TCP and HTTPS layer load balancing requirements.

Load balancer minimum requirements

As a best practice, ensure the load balancer:

(Required) Adheres to the Domain Name System (DNS) guidelines when configuring the domain and subdomain URLs in load balancer.
Naming guidelines for Control Room URLs
(Required) Supports WebSocket protocol (RFC 6455)
(Preferred) Uses round-robin host selection and is not configured to use persistent (sticky) sessions.
(Preferred) Uses the appropriate TLS security layer:
- TCP (layer 4) load balancing
- HTTPS (layer 7) load balancing
  With a Nginx load balancer, set HTTPS termination at nodes by changing http://Backend to https://Backend.
(Preferred) Has idle timeout set to 120 seconds.
The timeout value depends on the process time of various actions in the Control Room such as the time required to check in and check out bots, import bots, and download bot dependencies.

If the idle timeout is less than the Control Room processing time, a browser request can time out. For example, if the configured idle timeout is not sufficient to complete a bot check-in action, you will have to refresh your browser to validate whether the bot check-in action is successful or not.

Note:

For any On-Premises Control Room configured to use Transport Layer Security (TLS) termination at the load balancer and uses HTTP to connect to Control Room nodes, additional Control Room configurations are required to forward all X-Forwarded-* headers. See A360 | Forward all X-Forwarded-* headers during TLS termination
Do not use special characters like underscores (‘_’) in the Fully Qualified Domain Name (FQDN) for the load balancer or Control Room nodes. See A360 | Device is disconnected post successful registration.

Load balancer health check parameters

The load balancer health check parameters depend on various factors such as the type of load balancer used, network latency, and user interface responsiveness within and outside the load balancer.

TCP (Layer 4) Load Balancing

When TCP is applied at layer 4 with the load balancer, the certificate is installed on every Control Room corresponding to the load balancer URL.

Load balancer TCP on layer 4, certificate on Control Room.

In the image, Control Room components are shown in orange and other components are shown in blue.

Pros: End-to-end encryption without the possibility of intercept at the load balancer.; Single certificate required.
Cons: If audit logging is required, the load balancer cannot report the requests from clients.; Does not use TLS hardware offloading, even if the load balancer supports it.

HTTPS (Layer 7) Load balancing

When HTTPS is applied at layer 7 with the load balancer, the certificate corresponding to the load balancer URL is applied through the load balancer. The Control Room trusts the certificates received from the load balancer.

Load Balancing HTTPS, layer 7, certificate through load balancer

Pros: Allows request logging, when supported by the load balancer.; Reduces load from TLS handshake through hardware offloading, when supported by the load balancer.
Cons: Certificates must be managed both on the load balancer and on the control room nodes; Possible interception of data at the load balancer hardware level, because TLS session is not end-to-end.