When a PAM Cluster is formed with more than 1 node in a Site, you need to specify a VIP address.
Once the Cluster is turned on, you can access the VIP and get redirected to a Cluster member node.
But how does the VIP know which member node has the least workload?
Release : ALL
Component : PRIVILEGED ACCESS MANAGEMENT
The VIP is hosted by the Site Leader.
So in fact the request is handled by the Site Leader.
The Site Leader checks with the Cluster Members to determine which one has the least workload.
The workload is determined by the number of "xcd_spfd" processes. The node with the fewest "xcd_spfd" processes has the least workload, so the connection is redirected to that node.
The "xcd_spfd" process is the one listening on port 443.
# netstat -anp |grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3334/xcd_spfd
"xcd_spfd" creates a child process to handle each new connection.
These new connections come from:
1. PAM User login (long term connection as the user may stay logged on for a while)
2. Cluster communication (short term connections)
3. A2A requests (short term connections)
4. REST API calls, etc. (short term connections)
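
The selection rule described above can be reproduced by hand when checking why connections land on a particular node. The script below is an added illustration, not Broadcom code: it counts "xcd_spfd" processes in `ps -eo pid,ppid,comm` style listings and picks the node with the fewest. The node names, the sample listings and the tie-break rule are assumptions.

```shell
#!/bin/sh
# Added illustration, not product code. Node names and ps listings are constructed.

# Count processes named exactly xcd_spfd (listener plus per-connection
# children) in `ps -eo pid,ppid,comm` style output read from stdin.
count_spfd() {
    awk '$3 == "xcd_spfd" { n++ } END { print n + 0 }'
}

# Read "node count" lines on stdin and print the node with the lowest count.
# Assumption: on a tie the first node listed wins; the article does not say.
least_loaded() {
    awk 'NF == 2 && $2 ~ /^[0-9]+$/ {
             if (best == "" || $2 + 0 < min) { best = $1; min = $2 + 0 }
         }
         END { if (best == "") exit 1; print best }'
}

# Constructed sample: node-a holds three connections, node-b holds one.
NODE_A_PS='  PID  PPID COMMAND
 3334     1 xcd_spfd
 4101  3334 xcd_spfd
 4102  3334 xcd_spfd
 4150  3334 xcd_spfd
 5000     1 sshd'
NODE_B_PS='  PID  PPID COMMAND
 2210     1 xcd_spfd
 2307  2210 xcd_spfd
 2400     1 crond'

# Build the per-node counts and apply the "fewest processes" rule.
pick_node() {
    {
        printf 'node-a %s\n' "$(printf '%s\n' "$NODE_A_PS" | count_spfd)"
        printf 'node-b %s\n' "$(printf '%s\n' "$NODE_B_PS" | count_spfd)"
    } | least_loaded
}

pick_node   # prints node-b
```

Because user logins are long term connections, a node with many logged-on users keeps a high count and receives fewer redirects until those sessions end.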