5 Replies Latest reply on Sep 16, 2002 3:00 PM by Joao Clemente

    Clustering & SSL question

    Joao Clemente Newbie

      Hi.
      I am just wondering how can we handle clustering and ssl.

      IF you have replicated http sessions, you can use a layer-4 load-balancer to direct the requests for whatever server in the cluster.
      However, if you use SSL you'll face 2 problems:

      As the ssl session key is only at 1 machine
      1 - No load balancing can be done.
      2 - No failover can be done.

      Maybe the ssl is replicated with the sessions?
      Or you'll need a ssl proxy before the request reaches the load-balancer?

      Joao Clemente
      INESC - Portugal

        • 1. Re: Clustering & SSL question
          Joao Clemente Newbie

          Can someone explain me how can failover happer if you have http session replication and use ssl?

          As ssl is established between 1 user and 1 server, if the server fails, what happens to allow user to use the session replicated in server2?

          Thanks

          • 2. Re: Clustering & SSL question
            Cosmotic Newbie

            There's this concept called in-memory session replication within a cluster using JavaGroups Multicast.

            How to do it with Tomcat 4 is explained on <http://www.theserverside.com/resources/article.jsp?l=Tomcat>.

            HTH

            • 3. Re: Clustering & SSL question
              Cosmotic Newbie

              Sorry, you were of course asking specifically for SSL, the mentioned URI doesn't help there.

              • 4. Re: Clustering & SSL question
                Joao Clemente Newbie

                Yes. In particular, I would like to know what happens when:

                You have 2 servers with http replication enabled, and there is a sessionA in server1, regarding userA;
                SessionA is in server1 and is replicated in server2;
                user1 uses SSL to connect to server1.

                Server1 fails. Client1 is redirected to server2.
                The SSL key does not work between Client1 and server2.

                Now what?

                I dunno wich of these happens:

                a) Everything fails and failover is impossible
                b) SSL handshake is made between user1 and server2 but the replicated session cannot be used.
                c) SSL handshake is made between U1 and S2 and afterward the replicated session1 can be used.

                Basicaly, I'm trying to figure out if not having SSL keys replicated (when using https) will stop me from failover correctly.

                • 5. Re: Clustering & SSL question
                  Joao Clemente Newbie

                  Yes. In particular, I would like to know what happens when:

                  You have 2 servers with http replication enabled, and there is a sessionA in server1, regarding userA;
                  SessionA is in server1 and is replicated in server2;
                  user1 uses SSL to connect to server1.

                  Server1 fails. Client1 is redirected to server2.
                  The SSL key does not work between Client1 and server2.

                  Now what?

                  I dunno wich of these happens:

                  a) Everything fails and failover is impossible
                  b) SSL handshake is made between user1 and server2 but the replicated session cannot be used.
                  c) SSL handshake is made between U1 and S2 and afterward the replicated session1 can be used.

                  Basicaly, I'm trying to figure out if not having SSL keys replicated (when using https) will stop me from failover correctly.