The SRA Platform: SRA Load Balancing and High Availability
Many businesses face the challenge of scaling to meet the demands of hundreds and thousands of concurrent requests every second. They must also keep their services (core remote access, WAF and Virtual Assist/Access) running with minimal downtime and offer access to the intranet in a reliable and secure fashion. Features like Load Balancing and High Availability (HA) play an important role in solving these challenges.
When an organization uses a Dell™ SonicWALL™ Secure Remote Access (SRA) Series appliance to protect an ever-increasing number of Web applications, the need to scale to meet these demands becomes very important. Certain application delivery deployments call for an external load balancer to distribute the load of Web Application Firewall (WAF) services scanning, application offloading and URL rewriting across several backend Web servers and Dell SonicWALL WAF devices or even third-party WAF devices. The load balancing functionality built into the SRA Series appliance achieves the same level of scalability expected for medium-sized business and enterprise deployments. The failover feature on the SRA Series ensures continuous availability of Web-based applications.
Load balancing is a mechanism by which an SRA Series appliance can partition requests across multiple Web servers. This can achieve the following goals:
- Optimally share resources, such as memory, CPU and network bandwidth.
- Increase throughput.
- Increase availability.
The Load Balancer functionality can be used to load balance across multiple Web server farms, thereby apportioning traffic to crucial Web services more effectively (see Figure 1).
Alternatively, the same technology can be used to load balance across multiple SRA Series appliances, partitioning the HTTP/HTTPS requests across them and thus offering additional flexibility and security (see Figure 2).
The Dell SonicWALL Load Balancer allows an IT administrator to configure a group of servers or application offloading portals to share the workload otherwise handled by one appliance. The workload distribution is based on a scheduling policy chosen by the administrator, who sets each load-balanced member's share by assigning it an ‘LB Ratio’.
The administrator can globally enable “load balancing” and “failover.” Failover is the ability to probe the activity of the load-balanced members and, if any unresponsive members are found, distribute that member’s load across the other active members.
Load Balancing Methods:
Load balancing methods are determined by the scheduling policy used to distribute incoming requests. The available methods are:
- Weighted Requests keeps track of the number of incoming requests to decide which member should handle the next incoming request. The LB Ratio decides the percentage distribution.
- Weighted Traffic keeps track of the number of bytes of inbound/outbound data to decide which member should handle the next incoming request.
- Least Requests keeps track of the number of incoming requests that are currently being serviced to decide which member should handle the next incoming request. This is different from Weighted Requests, which also counts requests that have already been successfully completed.
The methods by which the Dell SonicWALL Load Balancer can probe and test the activity of each member include the following:
- ICMP Ping
- TCP Connect (3-Way TCP Handshake completion)
- HTTP/HTTPS GET request
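The scheduling methods and the failover behaviour described above can be modelled in a few lines. This is an added example, not Dell SonicWALL code: the names `Member`, `pick` and `simulate` are hypothetical, and dividing each counter by the LB Ratio (with ties going to the first member) is an assumption, since the page does not give the appliance's exact arithmetic.

```python
from dataclasses import dataclass

@dataclass
class Member:
    name: str
    lb_ratio: int        # administrator-assigned weight ("LB Ratio")
    alive: bool = True   # outcome of the last probe (ping, TCP connect or HTTP GET)
    requests: int = 0    # every request assigned so far, completed ones included
    traffic: int = 0     # bytes of inbound/outbound data
    busy: int = 0        # requests currently being serviced

# Counter that each scheduling policy consults.
COUNTER = {
    "weighted_requests": lambda m: m.requests,
    "weighted_traffic": lambda m: m.traffic,
    "least_requests": lambda m: m.busy,
}

def pick(members, method):
    """Choose the responsive member with the lowest counter per unit of LB Ratio."""
    live = [m for m in members if m.alive]   # failover: unresponsive members are skipped
    if not live:
        raise RuntimeError("no responsive members left in the group")
    counter = COUNTER[method]
    # Assumption: counters are normalised by LB Ratio; ties go to the first member.
    return min(live, key=lambda m: counter(m) / m.lb_ratio)

def simulate(method, total, ratios, unresponsive=(), size=1000):
    """Dispatch `total` equal-sized, instantly completed requests; return per-member counts."""
    members = [Member(n, r, alive=n not in unresponsive) for n, r in ratios.items()]
    for _ in range(total):
        m = pick(members, method)
        m.requests += 1
        m.traffic += size
    return {m.name: m.requests for m in members}

if __name__ == "__main__":
    ratios = {"web1": 3, "web2": 2, "web3": 1}   # constructed sample group
    print(simulate("weighted_requests", 60, ratios))
    print(simulate("weighted_requests", 60, ratios, unresponsive={"web2"}))
```

With one member marked unresponsive, its share is split between the remaining members in proportion to their own ratios, which is the capacity headroom to plan for when sizing a group.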
Medium- and large-sized enterprises need to keep their services up and running with a high degree of reliability in order to provide secure remote access, remote PC support, or protection for Web applications from Web-based threats. Because it provides redundancy and availability for these services, High Availability (HA) is a critical feature.
Setting up an HA pair of Secure Remote Access (SRA) Series appliances entails having one SRA 4600 appliance configured as the primary device, and an identical SRA 4600 appliance configured as the backup device. The figure below describes how two SRA 4600 appliances can be deployed in an HA configuration.
High Availability on the SRA Series makes it easy for the backup appliance to share the same configuration as well as the licenses that are installed on the primary appliance.
During normal operation, the primary appliance is in an active state and services all the connections. The backup appliance is in an idle state. When the primary appliance loses connectivity, the backup appliance transitions to the active state and begins to service the customer connections. Having this kind of redundancy built in to a remote access solution allows administrators to avoid a single point of failure, provide high uptime, and deliver a better user experience for remote users.