How to put in place a clustering solution for OOD

Hi, everybody@osc

i have’nt seen any information on that topic : how to put in place a cluster solution for the OOD frontend to secure the service ?

if some of you have any ideas, don’t hesitate. Thanks a lot.

jean-marie

I think folks just sit it behind an HAProxy (or similar). They don’t load balance between the two instances but have an active and a passive instance. The active takes all the traffic until the proxy determines otherwise and switches over to the other instance.

I imagine you could load balance across both (or more) instances, but you’d need to have sticky sessions. But again, I think folks have active/passive instead of load balanced setups.

We actually know of a site that is using HAProxy for load balancing with OnDemand and have reached out to learn more details about how they do this. I’ll post back here when we get a response.

@jms27000 actually could you clarify what you mean by “put in place a cluster solution for the OOD frontend to secure the service”? Do you mean a load balancing solution to support greater load, or multiple instances to support high availability, or is your question specifically about security?

It’s mainly a high avalaibility topic

Actually thinking about the problem, active/passive gives you no benefit over load balanced. When you’re load balanced across multiple nodes, and anyone of them fails, you only disrupt 1/N customers whereas in a active/passive you disrupt all N.

It was a mistake to suggest active/passive type setup.

So really I think load balancing with sticky sessions is the best option. How the proxy is then configured is the question, and since we don’t run HA at OSC we don’t know, but as Eric says we’re reaching out and maybe we can share the HAProxy configs.

Hello, all.

I would be very interested in knowing how to configure an HAProxy for OnDemand behind a load balancer as well. We have placed ours behind a NetScaler, though we only have one OnDemand server, at least for the moment. We decided to use the NetScaler so that we could enforce the same IP blacklist we are using on many other websites on our network. Unfortunately, it isn’t really working for us - we are able to authenticate to the app (using Shibboleth), navigate the interface, even access the file browser. However, anything we try to access on remote nodes (such as the Shell app and the interactive Desktop) fails to connect, reporting a websocket error. If we reconfigure OnDemand to bypass the public address for the NetScaler, everything works, but our intent is to allow our users to access it even from off-campus, so that isn’t really what we want to do.

Thanks.

We use active/active with HAproxy on our site. you can see parts of our config at Putting an entire OOD setup behind a web proxy?. No load balancer though.