How to set up a Load Balancer between 2 IQService Servers and 2 VAs using TLS

Hi Experts,

I have 2 VAs, 2 IQS server hosts and 1 Network Load Balancer (NLB) over TLS port 5054.
Does anyone have a step-by-step doc for this configuration?

Can anyone please help me with the queries below:

  1. I must install only one IQS instance without a secondary instance?
  2. Can I use a Network Load Balancer (NLB), or is only an Application Load Balancer supported?
  3. The NLB is created in AWS IaaS. How can I check whether my NLB is working or not? My IQS server was working on TLS port 5054 successfully.
  4. I have got 3 certificates from the NLB (Root Cert, Intermediate Cert and Server Certificate) and a key file.
  5. I have installed the Server Certificate on both IQService hosts and also kept the key file in the folder where IQS is installed.
  6. I need to install the certificate in Personal or Trusted Root Certification Authority in MMC.
  7. Do I need to keep all 3 LB certificates and the key file on both VAs as well?

Please help me with these queries.
Thank you in advance.

  1. I must install only one IQS instance without a secondary instance?
    You do not need to install a secondary instance, as you can fail over to the second server if the first server is not available.

  2. Can I use a network load balancer or only an application load balancer?
    The load balancer must support a TCP health check for detecting traffic going to a specific port on a server with an internal address in an active-passive manner. It also needs to be able to handle half-open connections without generating errors.

  3. NLB is created in AWS … How can I check my NLB is working?
    Enable logging for the IQ service on both servers. Make a request such as adding an AD group. Look at the logs on server 1 to confirm which server is being used. Stop the IQ service process on server 1. Make another request. Now you should see the logs on server 2.

  4. Do I need to keep all 3 LB certificates and the key file on both VAs?
    The IQ Service certificate that is on the VA is to establish client authentication and encryption between the VA and the IQ service. The load balancer should be passing your requests from the VA to the IQ service. It should not be trying to change the keys. (In other words, encryption should not be terminated at the load balancer.)

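One way to script the checks from the answer above (the TCP probe on port 5054 and confirming that TLS is not terminated at the load balancer), as an added example that is not part of the original thread. The host names are hypothetical placeholders, and it assumes the IQService listener presents its certificate to a client that offers none.

```python
import hashlib
import socket
import ssl

PORT = 5054  # TLS port from the thread


def tcp_check(host, port=PORT, timeout=3.0):
    """Same probe a TCP health check performs: can a connection be opened?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def presented_cert_sha256(host, port=PORT, timeout=5.0):
    """SHA-256 of the certificate the endpoint presents.
    Validation is off on purpose: this compares identities, it does not trust them."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def classify(lb_fp, backend_fps):
    """backend_fps maps host -> fingerprint, or None if that host was down."""
    live = {h: fp for h, fp in backend_fps.items() if fp}
    if not live:
        return "no backend reachable"
    if lb_fp is None:
        return "load balancer has no healthy target"
    if lb_fp in live.values():
        # Same certificate as a backend: what pass-through looks like.
        return "consistent with TLS pass-through"
    return "different certificate at load balancer"


def survey(lb, backends):
    fps = {h: presented_cert_sha256(h) if tcp_check(h) else None for h in backends}
    lb_fp = presented_cert_sha256(lb) if tcp_check(lb) else None
    return classify(lb_fp, fps)


if __name__ == "__main__":
    # Hypothetical host names: replace with your NLB and IQService hosts.
    print(survey("nlb.example.internal",
                 ["iqs1.example.internal", "iqs2.example.internal"]))
```

A matching fingerprint only shows that the load balancer serves the same certificate as a backend; the IQService logs on each server remain the way to see which one handled a request.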