Load balancing for ADSelfService Plus
Load balancing is a technique that distributes incoming requests across many servers. This helps alleviate performance degradation resulting from heavy traffic, eliminate downtime caused by system or application failure, and provide a much better experience for end users.
Before you begin
- Make sure you install the same version of ADSelfService Plus on multiple machines (at least two). These machines should be in the same network, and able to communicate with each other without any restrictions from firewall or antivirus programs.
- Choose one instance of ADSelfService Plus as the primary node. The rest will act as the secondary nodes. All the secondary nodes will use the database configured in the primary node.
- Any changes to the load balancing configuration can only be done from the primary node.
- When load balancing is enabled, high availability cannot be enabled.
- Smart card authentication will be disabled when load balancing is enabled.
- SSL certificate and session expiration time should be configured individually for each ADSelfService Plus node involved in the load balancing configuration.
- If you want to enable HTTPS for the load balancer service, enable HTTPS for all the ADSelfService Plus nodes involved in the load balancing configuration.
- The SSL connection must be the same in all the nodes. If SSL connection is enabled on the primary node, it must be enabled on all the secondary nodes as well.
- If you are using a context path in the ADSelfService Plus URL, please use the same context path for all the secondary nodes.
- Once load balancing is configured, you will have a load balancer access URL. Configure it as the product access URL.
Steps to configure load balancing
- Start ADSelfService Plus on all the machines.
- Choose the ADSelfService Plus instance you have selected as the primary node, and log in as an administrator.
- Go to Admin → Enterprise Essentials → Load Balancing.
- Click Configure Load Balancer.
- The Primary Node URL will be automatically populated.
- Enter the Load Balancer Port. This port will be used by the Load Balancer service, and it should be different from the port used by ADSelfService Plus.
- Once you enter the port number, the Load Balancer URL will be populated.
Note: Use this URL as the Access URL in Admin → Product Settings → Connection → Configure Access URL.
- In the Secondary Node section, enter the hostname or IP address and the port number of ADSelfService Plus installed in another machine in the Server URL field.
- In the Product Admin Username and Password fields, enter the username and password of a user with the Super Admin role in the secondary ADSelfService Plus node.
- Click Save.
- If you want to add more secondary nodes, click the + icon and repeat Step 9.
- First, the primary node will automatically restart. Once it’s up and running, all secondary nodes will be automatically restarted.
Steps to modify the load balancing configuration
Any modification to the load balancing configuration must be performed only from the primary node.
- To add more servers to the load balancing configuration:
- Log in as an admin to the ADSelfService Plus primary node.
- Go to Admin → Enterprise Essentials → Load Balancing.
- Click Add New Node.
- Enter the hostname or IP address and the port number of ADSelfService Plus installed in another machine in the Server URL field.
- In the Product Admin Username and Password fields, enter the username and password of a user with the Super Admin role in the secondary ADSelfService Plus node.
- Click Save.
- The new secondary node will be automatically restarted.
- To remove or modify a server:
- Log in as admin to the ADSelfService Plus primary node.
- Go to Admin → Enterprise Essentials → Load Balancing.
- Click Edit.
- Modify the node details, such as the server name or port number, if required.
- Click the [x] icon to remove a server.
- If you want to completely disable load balancing and remove all the secondary nodes, click the Remove button beside Edit.
- Click Save.
Managing scheduled jobs after enabling load balancing
By default, scheduled jobs such as report generation, Active Directory to ADSelfService Plus synchronization, etc. will be run from the primary node once load balancing is enabled. However, you can configure scheduled jobs to be run from one of the secondary nodes to reduce the load on the primary server.
To run scheduled jobs from a particular node:
- Log in to the ADSelfService Plus primary node as an admin.
- Go to Admin → Enterprise Essentials → Load Balancing.
- Click Manage Scheduled Jobs.
- Select a server from the Run Schedulers on drop-down menu.
- Click Save.
Troubleshooting tips
- Build number is different from the primary node.
Cause: If the ADSelfServcie Plus build number of a secondary node is different from the build number of the ADSelfServcie Plus instance designated as the primary node in Load Balancing Configuration, this error will occur.
Solution: Make sure you update all the ADSelfService Plus instances designated as secondary nodes to match the build number of the ADSelfService Plus instance designated as the primary node. Refer to the Service Pack page to learn how to update ADSelfService Plus.
- Scheduled jobs are not running. Please restart this server.
Cause: Once you modify the Manage Scheduled Jobs setting and choose a new server to run the scheduled jobs, you must restart the selected node. If the node is not restarted, this error will occur.
Solution: Restart the node to run the scheduled jobs.
- Protocol mismatch found. Make sure all the nodes involved in load balancing use the same protocol.
Cause: This error will occur if a secondary server uses a different protocol than the one used in the primary node.
Solution: All secondary nodes involved in the load balancing configuration must use the same protocol used by the primary node. For example, if HTTPS is enabled in the primary node, you must enable HTTPS in all secondary nodes as well. Refer to this guide to learn how to enable HTTPS and install an SSL certificate in ADSelfService Plus.
- Communication issue. Make sure the port <7800> is not blocked by the firewall in both the primary and secondary nodes. If the problem still persists, click here to troubleshoot.
Cause:
- There may be a network connection issue between primary and secondary nodes.
- The load balancer service in the primary node will run on a port that is different from the port used by ADSelfService Plus. By default, the load balancer service is assigned the port 7800. If 7800 port is already in use, 7801 will be assigned, and so on. This error will occur if the default port assigned to the load balancer service is blocked by the firewall.
Solution:
- Try to ping the secondary node from the primary node and check if there is a connection issue.
- Check if the port 7800 is open and available in both primary and secondary nodes. If it is available, make sure the port is not blocked by the firewall in both the primary and secondary servers. If 7800 port is not available, try 7801, and so on.
- A node is down or is not reachable.
Cause: This error could occur if there is a change in the IP address of the node.
Solution: Restart the node and check whether the issue is resolved.