FIM 2010: How to configure (Hardware) Load Balancer
Introduction
Usually, during a FIM Portal deployment you have to ask your networking team to configure a load balancer for you. This article briefly describes what to configure on the load balancer side (and why).
Let's assume you are installing FIM Portal and SSPR in a highly available way.
FIM portal configuration
The load-balanced FIM Portal name should be redirected on the following ports:
Port | Purpose |
80 | for http (and/or 443 in case you use https) |
FIM Service
The load-balanced FIM Service name (usually the same as the portal) should be redirected on the following ports:
Port | Purpose |
5725 | FIM Resource Management Service |
5726 | Security Token Service – required for password reset |
Sticky Client session
The second setting, which is very important, is to keep each client session on the same server (set "sticky session").
Why?
First, because otherwise the portal will not display properly. Probably the reason is that two sessions are opened to the portal: one for content and a separate one for reading CSS files and other formatting-related resources. If these sessions don't land on the same server, the portal may look a little bit unformatted.
There are also requirements related to password reset (described later on).
SSPR
SSPR includes the Password Registration Portal, the Password Reset Portal and the client.
Password reset and registration portals
For the load-balanced password reset/registration portal names, the following ports should be redirected:
Port | Purpose |
80 | for http (and/or 443 in case you use https which is recommended) |
Password registration and reset use the FIM Service (ports 5725 and 5726, already redirected for the FIM Portal's needs).
SSPR Client
For the password reset client it is also important to keep the session on the same server across ports 5725 and 5726.
Why is that?
Simply because when the password reset client connects to the QA gate and, after successful user identification, gets a token from the Security Token Service on port 5726, it has to request the password reset through the Resource Management Service on the same server (but on port 5725). If the request goes to a different server, the password reset will be unsuccessful.
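A way to check this requirement from the load balancer's connection log, as an added example that is not part of the original article: the script flags clients whose connections to ports 5725 and 5726 (or to the portal ports) reached different servers. The log format, node names and addresses are constructed for illustration, and the log is assumed to cover a single persistence window.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed format): "<time> client=<ip> vport=<port> node=<name>"
SAMPLE_LOG = """\
10:00:01 client=10.1.1.20 vport=5726 node=fim01
10:00:02 client=10.1.1.20 vport=5725 node=fim01
10:00:05 client=10.1.1.31 vport=5726 node=fim01
10:00:06 client=10.1.1.31 vport=5725 node=fim02
10:00:09 client=10.1.1.44 vport=80 node=fim02
10:00:09 client=10.1.1.44 vport=80 node=fim01
"""

LINE = re.compile(r"client=(?P<client>\S+) vport=(?P<port>\d+) node=(?P<node>\S+)")

# Port groups that must stay on one server per client:
# 5726 (Security Token Service) + 5725 (Resource Management Service), and the portal ports.
STICKY_GROUPS = {"fim-service": {5725, 5726}, "portal": {80, 443}}


def find_split_sessions(log_text):
    """Return {client: {port: [nodes]}} for clients whose persistence broke."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:  # lines in any other format are ignored
            seen[m["client"]][int(m["port"])].add(m["node"])

    broken = {}
    for client, ports in seen.items():
        for group_ports in STICKY_GROUPS.values():
            # All nodes this client reached on any port of the group.
            nodes = set().union(*(ports[p] for p in group_ports if p in ports))
            if len(nodes) > 1:
                broken[client] = {p: sorted(n) for p, n in ports.items()}
    return broken


if __name__ == "__main__":
    for client, ports in find_split_sessions(SAMPLE_LOG).items():
        print(f"{client}: persistence broken -> {ports}")
```

A client reported with 5726 on one node and 5725 on another is the case in which the password reset fails.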
FIM Portal Farm
The information above relates only to the configuration of the load balancer (which is usually done for you by your network team).
For instructions on installing a load-balanced FIM Portal from the FIM perspective, you can refer to the following article (by Paul Williams): Installing FIM Portal and Service with a load balanced name
The Understanding Password Reset article is also worth reading.
Source Reference
The article was originally published by the author on the IDArchitect.NET blog.