Reflection for Secure IT Gateway - Administrator’s Guide > Reflection Gateway System Administration > Ensuring High Availability of Reflection Gateway Services

Ensuring High Availability of Reflection Gateway Services

To ensure high availability of Reflection Gateway services, you can configure duplicate server systems and use a load-balancing proxy to manage connections between the components.

To support any load-balancing system for Reflection Gateway, you will need to create a database on a remote system and configure duplicate Gateway Administrator servers to communicate with this database. Details are provided in the procedures that follow. The database server should be configured for failover, for example using a Windows cluster. Failover configuration procedures for the database are not covered in this guide.

NOTE:The port values shown in these diagrams and in the sample HAProxy configurations are the defaults. The diagrams also omit some connections that do not need to be handled by the proxy. For more detailed information, see Ports and Firewall Configuration.

Configuring high availability for Jobs

To support load balancing for jobs, you will need to create identically configured Gateway Administrator servers and use a load balancing proxy to manage connections to these servers, as shown here:

To set up load balancing for Jobs

  1. Create identically configured Gateway Administrator systems that connect to the same database.

  2. Configure a load balancing proxy to forward requests coming from administrators’ browsers (port 9490) and Reflection Hub servers (port 9186) to the Gateway Administrator servers. For an example using HAProxy, see Sample Proxy configuration in the internal network.

  3. Install the Reflection Hub service on two or more systems and configure any Gateway Administrator instance to connect to each Hub.

    • On the Hubs tab, confirm that the Gateway Administrator server value for each Hub is specified using the network name or IP address that is configured on the load balancing proxy for connections from your Hub systems.

    • You can add or delete Hubs at any time after you have configured your database connection. The round robin connection to the Hubs is managed by Gateway Administrator and all Hub connection settings are stored in the common database. Increasing the number of hubs may improve performance if your jobs manage large numbers of file multiple transfers.

Configuring load balancing for Transfer Sites

Load balancing for Transfer Sites typically involves two load-balancing proxies–one in the DMZ and one in the internal network. The proxy in the DMZ forwards requests from transfer clients to identically configured Reflection Gateway Proxy systems. The proxy in the internal network forwards requests from the Reflection Gateway Proxy systems to identically configured Gateway Administrator systems.

To set up load balancing for Transfer Sites

  1. Create identically configured Gateway Administrator systems that connect to the same database.

  2. Create identically configured Reflection Gateway Proxy systems.

  3. Configure a load balancing proxy in the DMZ to forward requests coming from Transfer Site users (ports 22 and 9492) to the services running on the Reflection Gateway Proxy systems. For an example using HAProxy, see Sample Proxy configuration in the DMZ.

  4. Configure a load balancing proxy in the internal network to forward requests coming from the Reflection Gateway Proxy servers (port 9190) and from Administrator browsers (9490–not shown in the second diagram) to the Gateway Administrator systems. For an example using HAProxy, see Sample Proxy configuration in the internal network.

  5. Configure a failover system for the Transfer Site file server. If the server is a Reflection for Secure IT Server for Windows, you can use a Windows cluster. See “Using a Server Cluster” in the Reflection for Secure IT Server Help.

Configuring load balancing for both Jobs and Transfer Sites

Setting up load balancing for both Jobs and Transfer Sites combines the procedures above.

To set up load balancing for both Jobs and Transfer Sites

  1. Create identically configured Gateway Administrator systems that connect to the same database.

  2. Create identically configured Reflection Gateway Proxy systems.

  3. Configure a load balancing proxy in the DMZ to forward requests coming from Transfer Site users (ports 22 and 9492) to the services running on the Reflection Gateway Proxy systems. For an example using HAProxy, see Sample Proxy configuration in the DMZ.

  4. Configure a load balancing proxy in the internal network. To support both Jobs and Transfer sites you will need to forward requests coming to Gateway Administrator from administrators’ browsers (port 9490), Reflection Hub servers (port 9186), and the Reflection Gateway Proxy systems (port 9190). Examples for all of these are included in Sample Proxy configuration in the internal network.

  5. Install the Reflection Hub service on two or more systems and configure any Gateway Administrator instance to connect to each Hub.

    • On the Hubs tab, confirm that the Gateway Administrator server value for each Hub is specified using the network name or IP address that is configured on the load balancing proxy for connections from your Hub systems.

    • You can add or delete Hubs at any time after you have configured your database connection. The round robin connection to the Hubs is managed by Gateway Administrator and all Hub connection settings are stored in the common database. Increasing the number of hubs may improve performance if your jobs manage large numbers of file multiple transfers.

  6. Configure a failover system for the Transfer Site file server. If the server is a Reflection for Secure IT Server for Windows, you can use a Windows cluster. See “Using a Server Cluster” in the Reflection for Secure IT Server Help.