FIM 2010: How to configure (Hardware) Load Balancer

Introduction

During a FIM Portal deployment you usually have to ask your networking team to configure the load balancer for you. This article briefly describes what to configure on the load balancer side (and why).

Let’s assume you are installing the FIM Portal and SSPR in a highly available way.

 

FIM portal configuration

The load-balanced FIM Portal name should be redirected on the following ports:

Port Purpose
80 for http (and/or 443 in case you use https)

 

FIM Service

The load-balanced FIM Service name (usually the same as the portal) should be redirected on the following ports:

Port Purpose
5725 FIM Resource Management Service
5726 Security Token Service – required for password reset

 

Sticky Client session

The second thing that is very important to set is keeping the client session on the same server (set "sticky session").

Why?

First, because the portal will not display properly. The probable reason is that two sessions are opened to the portal: one for content and a separate one for reading CSS files and other formatting-related stuff. If these sessions don't land on the same server, the portal may look a little bit unformatted.

There are also requirements related to password reset (described later on).

 

SSPR

SSPR includes the Password Registration Portal, the Password Reset Portal and the client.

Password reset and registration portals

For the load-balanced password reset/registration portal names, the following ports should be redirected:

Port Purpose
80 for http (and/or 443 in case you use https which is recommended)

 

Password registration and reset use the FIM Service (ports 5725 and 5726, already redirected for the FIM Portal's needs).

 

SSPR Client

For the password reset client it is also important to keep the session on the same server across ports 5725 and 5726.

Why is that?

Simply because when the password reset client connects to the QA gate and, after successful user identification, gets a token from the Security Token Service on port 5726, it has to request the password reset through the Resource Management Service on the same server (but on port 5725). If the request goes to a different server, the password reset will be unsuccessful.
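To confirm that the load balancer really keeps a client on one server across both ports, you can audit its connection records. The script below is an added example, not part of the original article or of FIM: the log layout, the backend names fim01/fim02 and the 10-minute pairing window are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

STS_PORT = 5726   # Security Token Service (port from the article)
RMS_PORT = 5725   # FIM Resource Management Service (port from the article)

# Constructed sample records; the "time client=... vport=... backend=..." layout
# is an assumed export format, not the log format of any particular product.
SAMPLE_LOG = """\
2024-05-01T10:00:00 client=10.0.0.5 vport=5726 backend=fim01
2024-05-01T10:00:02 client=10.0.0.5 vport=5725 backend=fim01
2024-05-01T10:01:00 client=10.0.0.9 vport=5726 backend=fim01
2024-05-01T10:01:03 client=10.0.0.9 vport=5725 backend=fim02
2024-05-01T10:02:00 client=10.0.0.7 vport=80 backend=fim02
malformed line
2024-05-01T12:00:00 client=10.0.0.5 vport=5725 backend=fim02
"""

def parse_line(line):
    """Return (timestamp, client, port, backend), or None for unparsable lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        return ts, fields["client"], int(fields["vport"]), fields["backend"]
    except (ValueError, KeyError):
        return None

def find_split_sessions(log_text, window=timedelta(minutes=10)):
    """Flag RMS connections that follow an STS connection from the same client
    within `window` (assumed pairing interval) but reached a different backend."""
    last_sts = {}   # client -> (timestamp, backend) of its latest 5726 connection
    findings = []
    records = sorted(r for r in map(parse_line, log_text.splitlines()) if r)
    for ts, client, port, backend in records:
        if port == STS_PORT:
            last_sts[client] = (ts, backend)
        elif port == RMS_PORT and client in last_sts:
            sts_ts, sts_backend = last_sts[client]
            if ts - sts_ts <= window and backend != sts_backend:
                findings.append((client, sts_backend, backend, ts.isoformat()))
    return findings

if __name__ == "__main__":
    for client, sts_b, rms_b, when in find_split_sessions(SAMPLE_LOG):
        print(f"{when} {client}: token from {sts_b}, reset sent to {rms_b}")
```

Any finding means persistence is being tracked per port (or not at all) instead of per client, which is the condition under which password reset fails.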

 

FIM Portal Farm

The information above relates only to the configuration of the load balancer (which is usually done for you by your network team).

For instructions on installing a load-balanced FIM Portal from the FIM perspective, refer to the following article by Paul Williams: Installing FIM Portal and Service with a load balanced name

The Understanding Password Reset article is also worth reading.

 

Source Reference

This article was originally published by the author on the IDArchitect.NET blog.