voged01

Tech Tip:  How Can a Load Balancer Check if a PAM Instance is Available?

Discussion created by voged01 Employee on Mar 1, 2018
Latest reply on Jul 14, 2018 by AsifShaikh

Some customers use external load balancers rather than use PAM's load balancer functionality.  When a cluster member becomes unavailable, either functionally or administratively, the external load balancer needs some way to know this, in order to avoid directing users to a device that is not available to them.  With 2.8.2 a health check was introduced.  The load balancer can add /health.php to the url for a specific PAM instance, for example https://<your ip address>/health.php.  A health PAM instance will return 200 OK.  Initally, there was no way to inform the load balancer that the PAM instance was in Maintenance Mode, administratively unavailable.  With 3.1.1 the health check was enhanced, with 503 returned when PAM under the following conditions:

  • The node is in maintenance mode
  • The appliance's local PA database is inactive
  • A secondary site node's PA database is inactive
  • A secondary site node's access database is inactive

 

This should enable you to prevent your users from being sent, by your external load balancer, to a cluster member that is not available.

Outcomes