Data Center Security (DCS) load balancing

Article ID: 178709

Products

Data Center Security Monitoring Edition, Data Center Security Server, Data Center Security Server Advanced

Issue/Introduction

 

Resolution

The communication between the agent and the manager is based on TCP connections. The agent opens a TCP connection to the manager, sends its data, receives the response, and then closes the connection. The protocol carried over the TCP connection is either HTTP or, more commonly, HTTPS. When HTTPS is used, the agent verifies the server certificate by matching it against the copy of the certificate installed in the agent's keystore. Because this check does not involve the IP address of the agent or of the server, all managers can share the same certificate and the agent can communicate equally well with any manager.
 
Agents are registered with the database and not with a manager. The manager just allows the agent to interact in a controlled way with the database. The manager does not keep state information.
 
Since the agent-to-manager communication is stateless, each connection from an agent can be routed to any manager. This allows many methods of load balancing to be used with the DCS product.
 
1. Hardware load balancing - each incoming TCP connection is routed to the manager that currently has the "least" load. Load is balanced on a connection-by-connection basis.
 
2. DNS round robin - agents are configured to use a DNS name rather than an IP address. The DNS record is configured with a short time to live, and the DNS server rotates through the manager IP addresses. Connections are therefore distributed between managers more or less randomly. The DNS server usually does not take the actual load or number of connections into account, so actual load can be unevenly distributed.
 
3. Static load balancing - the agent uses the first manager specified in its server list. Agents are effectively assigned a manager. The other managers configured in the server list provide failover if the agent determines that the first manager has failed.
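The agent-side behaviour described above (one short-lived TLS exchange per request, the server certificate checked against the agent's own pinned copy rather than against the manager's name or IP, and a server list tried in order for static failover), as an added Python sketch that is not DCS product code; the hostnames, port and the simulated manager responses are assumptions made for illustration.

```python
import socket
import ssl
from typing import Callable, List, Optional, Tuple

def pinned_context(keystore_pem: Optional[str]) -> ssl.SSLContext:
    """Trust only the certificate copy held in the agent's keystore.
    Every manager presents that same certificate, and matching it does not
    involve the manager's IP or DNS name, so hostname checking is disabled:
    any manager reached through a load balancer, DNS round robin or a
    server list is accepted once its certificate matches the pinned copy.
    keystore_pem=None is only for inspecting the policy; a real agent
    always loads its keystore copy."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    if keystore_pem is not None:
        ctx.load_verify_locations(cafile=keystore_pem)
    return ctx

def tls_request(ctx: ssl.SSLContext, host: str, port: int, payload: bytes) -> bytes:
    """One stateless exchange: connect, send, read the reply, close.
    No session is kept, so the next request may land on another manager.
    Reads until the manager closes the connection after its response."""
    with socket.create_connection((host, port), timeout=10.0) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(payload)
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks)

Connect = Callable[[str, int, bytes], bytes]

def send_to_manager(servers: List[Tuple[str, int]], payload: bytes,
                    connect: Connect) -> Tuple[str, bytes]:
    """Static load balancing: use the first manager in the list and fall
    back to the next one only when a manager is unreachable. `connect`
    is injected so the real tls_request or a test double can be used."""
    last_err: Optional[OSError] = None
    for host, port in servers:
        try:
            return host, connect(host, port, payload)
        except OSError as err:
            last_err = err
    raise ConnectionError("no manager in the server list answered") from last_err

def demo_connect(host: str, port: int, payload: bytes) -> bytes:
    """Constructed test double: the first manager is down, the second answers."""
    if host == "dcs-mgr1.example.test":
        raise ConnectionRefusedError("simulated outage")
    return b"ack from " + host.encode()
```

With a real deployment, pass `lambda h, p, d: tls_request(pinned_context("agent-keystore.pem"), h, p, d)` as the `connect` argument.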