Working with load balancers

If you have many application servers, we recommend using the HAProxy load balancer. In this case, HAProxy uses the configured load balancing method to determine the server to which a scan request is sent. The operating principle of the application with a load balancer is presented in the figure below. This scheme of interaction between components is applicable when the application is installed from an RPM or DEB package as well as when the application is deployed from an ISO image.

load_balancing

Operating principle of the application with a load balancer

The numbering in the figure corresponds to the following steps of traffic processing:

  1. A user requests access to a web resource. This request is relayed to the load balancer.
  2. The load balancer selects the cluster node according to the defined balancing method and relays the user request to this node.
  3. The built-in proxy server of the selected node accepts the request and relays it to the application's ICAP server to be to be scanned in accordance with the traffic processing rules.
  4. If access to the web resource is allowed according to the scan results, the built-in proxy server sends the request to the web server on the Internet.
  5. The web server hosting the requested web resource sends a response to the built-in proxy server.
  6. The built-in proxy server sends the response of the web server to the application's ICAP server to be scanned in accordance with the traffic processing rules. The scan result is returned to the built-in proxy server.
  7. The built-in proxy server relays the response to the load balancer.
  8. The load balancer sends the response to the user's computer. Depending on the actions configured in the application, the following pages may be displayed:
    • If access to the web resource is allowed, the requested web page is displayed.
    • If access to the web resource is prohibited, the block page is displayed.
    • If the Redirect action was applied, the user sees the web page to which the redirect was configured.

You can use the same load balancer to balance different services, or install two load balancers. In that case, the HTTP balancer balances the load among proxy servers, and the ICAP balancer balances the load among the cluster nodes of the application. The load balancer connection scheme is presented in the figure below. This scheme is applicable when the application is installed from an RPM or DEB package as well as when the application is deployed from an ISO image.

load_balancing2

Interaction scheme with two load balancers

Page top