Enterprise 11: Load balancer requirements

View the load balancer requirements for Automation Anywhere installation. This includes load balancer minimums, and both TCP and HTTPS layer load balancing requirements.

Load Balancer Minimum Requirements

For best practice with Automation Anywhere, ensure the load balancer:
  • (Required) Supports WebSocket protocol (RFC 6455)
  • (Preferred) Has idle timeout set to 120 seconds
  • (Preferred) Uses round-robin host selection. Is not configured to use persistent (sticky) sessions.
  • (Preferred) Uses the appropriate TLS security layer:
    • TCP (layer 4) load balancing
    • HTTPS (layer 7) load balancing With a Nginx load balancer, set HTTPS termination at nodes by changing http://Backend to https://Backend.

TCP (Layer 4) Load Balancing

When TCP is applied at layer 4 with the load balancer, the certificate is installed on every Control Room corresponding to the load balancer URL.

Load balancer TCP on layer 4, certificate on Control Room. )
Pros:
  • End-to-end encryption without the possibility of intercept at the load balancer.
  • Single certificate required.
Cons:
  • If audit logging is required, the load balancer cannot report the requests from clients.
  • Does not use TLS hardware offloading, even if the load balancer supports it.

HTTPS (Layer 7) Load Balancing

When HTTPS is applied at layer 7 with the load balancer, the certificate corresponding to the load balancer URL is applied through the load balancer. The Control Room trusts the certificates received from the load balancer.

Load Balancing HTTPS, layer 7, certificate through load balancer
Pros:
  • Allows request logging, when supported by the load balancer.
  • Reduces load from TLS handshake through hardware offloading, when supported by the load balancer.
Cons:
  • Certificates must be managed both on the load balancer and on the control room nodes.
  • Possible interception of data at the load balancer hardware level, because TLS session is not end-to-end.