Some environments need to have Password Manager configured to use network load balancing for redundancy purposes. This redundancy can be in the form of a software or hardware load balancer, such as Windows Network Load Balancing, F5, Citrix NetScaler, or a number of other solutions.
Strictly speaking, there are too many load-balancing solutions, each with too many configuration options, for Password Manager to be tested and certified for use with each one. Officially, the Password Manager solution does not support the use of load-balanced URLs or IP addresses because it is an untested configuration.
That being said, if the load-balancer is implemented properly, it should be transparent to the Password Manager solution and it should function as expected.
For assistance with configuring a load-balancer, please contact the vendor of your load-balancing solution.
In a standard configuration, the User Site (PMUser) is deployed in the DMZ, on one or more hosts. The Admin Site (PMAdmin) is deployed internally, on one or more hosts.
Users and the Secure Password Extension client will access the User Site using HTTPS on port 443.
If this URL is load-balanced, it needs to be accessible to and from both internal and external clients, and SSL Persistence must be enabled on port 443.
This load-balanced URL or IP Address needs to be entered in the Admin Site.
The User and HelpDesk Sites will communicate with the Admin Site using port 8081 (by default). This is a secure, stateful connection.
If a custom port has been specified, this port can be confirmed in the Admin Site under General Settings | Reinitialization under the field labeled Specify the port number that the Self-Service and Helpdesk sites will use to connect to the Password Manager Service.
If this URL is load-balanced, it needs to be accessible between the User Sites and the Admin Sites, and SSL Persistence must be enabled on port 8081 or whichever custom port is specified.
If a User Site is already configured, it will be necessary to reinitialize the site in order to leverage the load-balanced URL for the Admin Sites.