You use load balancers to distribute incoming connections across multiple Edge Servers. If you are deploying multiple Edge Servers in a site, you must use load balancers both between the perimeter network and your internal network (that is, the internal load balancer), and between the perimeter network and the Internet (that is, the external load balancer). However, on the internal load balancer, you must load balance only the Access Edge services and the A/V Edge services; do not load balance the Web Conferencing Edge services on the internal load balancer.
Although you use a single load balancer for all three edge services, we recommend you use separate virtual IP addresses (VIPs) for each edge service. We recommend port 443 for all three server roles, and because a different port/IP combination is required for each server role, separate VIPs support the recommended configuration.
For load-balanced Edge Servers in the perimeter network of the data center, outgoing requests are connected directly to a specific Edge Server’s Web Conferencing Edge service or A/V Edge service. These outgoing requests are handled as follows:
- Each time an internal Web Conferencing Server starts up, it
looks up the Edge Servers that are configured in its environment,
and then it looks up the Domain Name System (DNS) A record of the
Web Conferencing Edge service of each Edge Server. Then, the
internal Web Conferencing Server initiates four outbound
Transmission Control Protocol (TCP) connections to the internal IP
and port of each Web Conferencing Edge service.
- The load balancer for the A/V Edge service on the Edge Servers
routes each A/V request to one of the Edge Servers, which then
manages the connection until the session ends.
- Each edge service on each Edge Server connected to the load
balancer must be configured identically, including identical
internal and external ports, Allow lists, Block lists, federated
partners, internal domain lists, internal server lists, remote user
settings, and proxy connections.
- You must install and configure certificates to support load
balancing. For details, see
Set Up
Certificates for the Internal Interfaceand
Set Up
Certificates for the External Interface.
- Federated partner Access Edge Servers and remote user clients
must target the virtual IP (VIP) address that the Access Edge
Server array uses on the external load balancer.
- The internal next hop server (typically, a Director) must
target the virtual IP address that the Access Edge Server uses on
the internal load balancer. If you are deploying a Director, you do
this as part of the Director configuration. For details, see
Deploy a
Director.
Configuring Your Load
Balancer
After configuring Edge Servers in the perimeter network of your data center, verify that they are correctly connected to the load balancer, and then verify that the ports listed in the following tables are open on the internal interface of the load balancer and on the external interface of the load balancer, respectively.
Internal Load Balancer Port Settings
| Component | Port |
|---|---|
|
Access Edge Server |
TCP 5061 |
|
Web Conferencing Edge Server |
N/A |
|
A/V Edge Server |
TCP 5062 TCP 443, UDP 3478 |
External Load Balancer Port Settings
| Component | Port |
|---|---|
|
Access Edge Server |
TCP 5061, 443 |
|
Web Conferencing Edge Server |
TCP 443 |
|
A/V Edge Server |
TCP 443, UDP 3478 |