Load balancer requirements

View the load balancer requirements for Automation 360 installation. This includes load balancer minimum requirements, and both TCP and HTTPS layer load balancing requirements.

Load balancer minimum requirements

As a best practice, ensure the load balancer:
  • (Required) Adheres to the Domain Name System (DNS) guidelines when configuring the domain and subdomain URLs in load balancer.

    Naming guidelines for Control Room URLs

  • (Required) Supports WebSocket protocol (RFC 6455)
  • (Preferred) Uses round-robin host selection and is not configured to use persistent (sticky) sessions.
  • (Preferred) Uses the appropriate TLS security layer:
    • TCP (layer 4) load balancing
    • HTTPS (layer 7) load balancing

      With a Nginx load balancer, set HTTPS termination at nodes by changing http://Backend to https://Backend.

  • (Preferred) Has idle timeout set to 120 seconds.

    The timeout value depends on the process time of various actions in the Control Room such as the time required to check in and check out bots, import bots, and download bot dependencies.

    If the idle timeout is less than the Control Room processing time, a browser request can time out. For example, if the configured idle timeout is not sufficient to complete a bot check-in action, you will have to refresh your browser to validate whether the bot check-in action is successful or not.

Load balancer health check parameters

The load balancer health check parameters depend on various factors such as the type of load balancer used, network latency, and user interface responsiveness within and outside the load balancer.

TCP (Layer 4) Load Balancing

When TCP is applied at layer 4 with the load balancer, the certificate is installed on every Control Room corresponding to the load balancer URL.

Load balancer TCP on layer 4, certificate on Control Room.

In the image, Control Room components are shown in orange and other components are shown in blue.

End-to-end encryption without the possibility of intercept at the load balancer.
Single certificate required.
If audit logging is required, the load balancer cannot report the requests from clients.
Does not use TLS hardware offloading, even if the load balancer supports it.

HTTPS (Layer 7) Load balancing

When HTTPS is applied at layer 7 with the load balancer, the certificate corresponding to the load balancer URL is applied through the load balancer. The Control Room trusts the certificates received from the load balancer.

Load Balancing HTTPS, layer 7, certificate through load balancer

Allows request logging, when supported by the load balancer.
Reduces load from TLS handshake through hardware offloading, when supported by the load balancer.
Certificates must be managed both on the load balancer and on the control room nodes
Possible interception of data at the load balancer hardware level, because TLS session is not end-to-end.

For Automation 360 users on release Build 7560 and later, if SSL offloading is applied at load balancer level for communication between load balancer and application nodes, the traefik.toml file in application server needs to be re-configured.

See SSL offloading for Automation 360 v.18 and later (A-people login required) | A360 | Device shows disconnected after registration with Load Balancer URL (A-People login required)