Load Balancing DNS requests

Similar Messages

• Load balancing HTTP requests for an OC4J instance w/multiple JVMs

  Hello everyone,
  I am using OAS 10.1.3.1 and wish to load balance HTTP requests across an OC4J group of one or more OC4J instances, where each like named OC4J instance may have multiple JVMs or it may just have one JVM.
  My mod_oc4j.conf file would contain the following directives :
  Oc4jSelectMethod roundrobin:local
  Oc4jRoutingMode Static
  Oc4JMount /xyz/* xyz
  In the degenerate case, I would like to have an OC4J group with a cluster size of one, and have that one OC4J instance have two or more JVMs. I would like to be able to receive a request within my web application, determine that the JVM that has been sent the request is the wrong JVM to process the request, and then call HttpServletResponse.sendRedirect("/xyz"). Then, when the browser receives the HTTP 302 response and issues the subsequent HTTP request, have that request sent to a different JVM than the previous JVM that issued the sendRedirect().
  What I have seen is that the subsequent request is sent back to the same JVM that issued the sendRedirect(). I also call invalidate() against the HttpSession prior to calling sendRedirect(), but that does not seem to affect the behavior that I see.
  In the full blown case, I would have an OC4J group with a cluster size > 1, and each of those OC4J instances would have at least one JVM. In that case, I wish the sendRedirect() call to allow the subsequent request to be sent to any one of the OC4J instances in the group, and any one of those JVMs within all of those OC4J instances.
  Can anyone verify that my mod_oc4j mount directive is appropriate given the select method and routing mode? What else might I need to do to have a chance to have a different JVM respond to the request that results from a sendRedirect()?
  Thank you,
  Doug

  I should clarify that in the full blown environment, the OC4J instances that form a group will each be housed within a separate OAS instance that resides on its own machine.
  So ideally, a request could be inbound to say OAS instance 1 on machine A, OC4J instance AA, JVM 2, and I need to force a redirect so that the request can actually be serviced by OAS instance 3 on machine C, OC4J instance AA, JVM 1, and I need to be able to call sendRedirect() against an HttpServletResponse from within a JVM until the subsequent request from the browser, Internet Explorer in my case, is serviced by that JVM.
  Thanks,
  Doug

• Load Balancing HTTP requests to ABAP App Servers options?

  Looking at SAP Documentations, SAP recommends to use the Web Dispatcher to load balance HTTP requests to multiply ABAP App servers. 
  My question is that the only solution? or can we use hardware such as the F5 BigIP to perform the same job?
  Any thoughts?

  In collaboration with SAP and SAP customers, F5 Networks has created a solution that delivers security, high availability, and improved performance for SAP web and portal technologies.
  By deploying F5 Networks solutions with SAP NetWeaver, enterprises extend their control over their Network and Application traffic, and ensure the fast and secure delivery of their applications.
  Benefits of F5 for SAP NetWeaver and Enterprise SOA
  u2022 Cuts SAP Enterprise Portal login time by more than half for WAN users
  u2022 Speeds document downloads
  u2022 Reduces SAP server CPU utilization by 44%
  u2022 Provides a 20x reduction in the number of SAP server-side connections
  Further details, case studies and deployment guides on;
  http://www.f5.com/solutions/applications/sap/netweaver/
  F5 certification information on SAP Website
  http://www.sap.com/partners/directories/SoftwareISVSolutions.epx?context=21B87D61C0F646A22B2A6DB254A010CA8C9C141B7529F029910FE6FF9EEEC5A701BF20EED61AC07159D98BAA068EBE1B8C5C7665EA2226374E942CF1D2A49D20AB1BFDFA1E0B68EC41E3058F04A85F105D5002CF1A11383C905D9FE5DDB951251A4B574B0BBE58309F67667A3B95877FEF85F1EF8B2C1A9F6FBA3BF5066D9534%7c01518B8BD6BF02F55A5A72E5947F2C45
  Hope this helps. Thanks

• Load balancing outbound requests from OAG

  Hi,
  I need to load balance outbound requests from OAG to a cluster of Application Servers (which expose some web services): do I need a hardware (or software) load balancer product? Isn't API Gateway able to do the job by himself?
  Thanks.
  Bye.
  Roberto

  Hi,
  By adding a remote host you can achieve load balancing. So make up a "fake" host that should not exist just not to collide with any actual service, add that host as a remote host and then add the IP's in the list of the of load balancing. Us the fake host in your connection filter and the gateway will automatically replace it host with a correct IP from the load balancing list.

• Issue with Site Configuration / Load Balancing

  We’re noticing strange behavior with our servers that are configured behind a load balancer. We’ve got two servers with different ports and a load balancer:
  Server1: https://host1:30003/opensso
  Server2: https://host2:30103/opensso
  Load Balancer: https://loadbalancer:30003/opensso
  When we go to the admin console, we can access Server1 without a problem, but the second time we go the load balancer sends us to Server2, and our browser returns a page not found error. We’ve traced the HTTP traffic and discovered that every other time we go to the admin console (the load balancers are configured round robin), Server2 always returns a bogus HTTP found URL. The response it provides is something like https://loadbalancer:*30103*/opensso/UI/Login (just an example).
  The issue here is that it is properly directing the end user’s browser to the load balancer DNS entry. It is not however directing the end user’s browser to the proper port. It seems to sends its own port value to the browser. Obviously when the browser tries to access this URL the Load Balancer rejects the request because it is not listening on port 30103.
  Can Multiple OpenSSO application servers (configured as a site) run from behind a load balancer when they are listening on different ports? If so, why is the application server responding to the user request with its own port, rather than that of the load balancer, yet still providing the DNS hostname entry for the load balancer the whole time.

  Major updates of Muse are targeted to release roughly every quarter. The 1.0 release was in mid-May. The 2.0 release was in mid-August. A fundamental change to image loading would only appear as part of a major update due to the engineering and testing efforts required.
  As provided in your previous thread http://forums.adobe.com/message/4659347#4659347 the only workaround until then is to reduce the number of images in the slideshow.

• Load balancing http server

  Hi There,
  I want to implement a load balancer (linux virtual server) into our htmldb configuration. We currently run the http server on the same machine running oracle/htmldb. I want to split this out and use 2 seperate machines running http server behind the load balancer, both these http servers will be pointing to the same oracle database.
  The load balancer will not be using persistent sessions, therefore client requests will be sent evenly to each http server. My main question is, will I have problems with user sessions, or (as I imagine) is all the session information written to the database ?
  Thanks in advance.
  Tom

  Bill,
  There are a few things you need to consider
  1: Availability of http server. ie how many are you going to have. How are you going to access them. Load balancer, DNS round robin. These should be on different servers to the database.
  2: How are the http servers going to connect. For RAC you'll need to specify TNS connections. I'd also recommend that you look at using application partitioning using services in the RAC cluster. That way you can have Apex using a subset of nodes in the cluster .
  3: If you are going down the RAC path then I'd assume availability is a priority. You''ll need to think of standby configuration. Again this is possible with TNS configuration.
  You can do it all with Apex. RAC and Standby but it will take planning and testing.

• Best way for HTTP load balancing in OSB

  Hi everybody,
  We have setup an OSB cluster and we need to load balance HTTP requests across managed servers. Looking for info about load balancing in OSB I found that there are mainly two options: using a hardware load balancer or a software solution like Weblogic HttpClusterServlet. At the moment we have no hardware balancer available so we will have to take the software option. I found some articles about configuring HttpClusterServlet like http://redstack.wordpress.com/2010/12/20/using-weblogic-as-a-load-balancer.
  But I have a question about this configuration. If we use a managed server as an HTTP proxy that balances requests between OSB managed servers, what would happen if this server goes down? I think one of the main goals of a clustered deployment is avoiding a single point of failure but with that setup all requests would depend on the availability of the proxy managed server.
  Could you recommend us a setup for implementing load balancing in OSB?
  Thank you in advance,
  Daniel.

  Load balancing in a cluster for http requests can be achieved using atleast 4 different ways:
  (1)- use a hardware load balancer like F5 BigIP LTM
  (2)- use a web server with weblogic plugin to frontend the cluster
  (3)- use weblogic with HTTPClusterServlet
  (4)- use DNS round robin - this works if you have managed servers running on 2 machines (say mach1, mach2) but on the same port. HTTP clients use hostname 'mach' to access the URL's and the dns does a round robin name resolution of mach to mach 1 and mach2 IP addresses..
  All the options except (1) achieve only load balancing and not auto failover on all instances.. Hardware load balancers has the extra feature of probing [ sending periodic pings to the targets] , by which it can detect whether the target resource is alive and if not send the traffic to other nodes which are alive.. this is why hardware load balancers are worth their investment..
  other options may work if client is coded to do retrying on failure.. so on 2nd or subsequent attempt, the routing is done to the machine which is alive..
  For options (1),(2) and (3), you also need some redundancy of load balancing device ( web server, weblogic or hardware load balancer) to prevent single point of failure.. Hardware load balancers are usually deployed in redundant pairs to achieve this..
  Edited by: atheek1 on 22/11/2011 15:31

• Webdispatcher with load-balancing and local icm configuration

  Dear all,
  we have a webdispatcher in place to load-balance the requests to our three application servers (ABAP). The webdispatcher has a hostname that is resolved by the DNS. The application servers use local hostnames that can't be resolved in our infrastructure at the moment.
  That configuration works fine for all requests that reach the infrastructure from outside.
  But, if a user logs on with SAP GUI and then calls a web transaction like a webdynpro, the browser opens with the local application server hostname. However that hostname can't be resolved.
  Is it possible to change the three local icm configurations in a way that all local generated web requests refers to the webdispatcher too? What is the preferred configuration for this more or less usual scenario?
  Thanks in advance,
  Daniel

  Hello,
  In your scenario, I would try to create entries in table HTTPURLLOC. After that the 3 app servers should generate URLs using the SAP Web Dispatcher.
  Best Regards,
  Olivier

• How to load balance everything

  Edit:
  More up to date list is available on the wiki:
  http://wiki.oracle.com/page/WCI+Load+Balancing
  Its hard to find information related to deployment anymore, as there is no deployment guide for 10gR3 and a lot of information is scattered around in outdated blog posts. I'd like to keep a list of how to design every component for HA. I don't doubt that there are a lot of errors and things that need filled in so please reply with your additions and corrections.
  h3. Types of load balancing referenced:
  h4. external
  refers to a hardware or software based load balancing handled outside Webcenter software
  h4. MPPE
  the 'massively parallel portlet engine' is the portal's ability to internally load balance web services that are configured with round robin DNS
  h4. cold failover
  I might have the terminology wrong, but I'm referring to when you have another instance of the product installed but disabled. The instance can be turned on in the event of an ourage of the primary component, but it is not automatically available.
  h1. Portal
  Load balanced with an external load balancer (sticky session enabled)
  h3. References:
  http://edocs.bea.com/alui/deployment/docs604/networking/c_loadbalancing.html
  h1. API
  h1. Publisher
  Publisher is able to be load balanced by breaking it up into components: publisher admin, publisher redirect, published content
  h2. Publisher admin
  Cannot be load balanced, use cold failover
  h2. Publisher redirector
  MPPE (or external?)
  h2. Published content
  external
  h3. References:
  http://fsanglier.blogspot.com/2008/02/alui-publisher-increase-performance.html
  h1. Collaboration
  External / MPPE (with collab internal clustering)
  (Although i'm currently having issues wtih this and someone reported that you can do without the collab internal clustering)
  h3. Collab's API
  When using the IDK to connect to collab, custom applications bypass the MPPE and communicate directly to the collab host, losing the benefit of the MPPE. In order to load balance in this situation, the collab host must use external load balancing. (is this true?)
  h3. "Search" service (the collab one) (only applies to 4.5 or newer)
  Install on same servers as collab?
  http://download.oracle.com/docs/cd/E13158_01/alui/collaboration/docs103/install/install.htm#i1138897
  h3. References:
  http://edocs.bea.com/alui/deployment/docs604/networking/c_loadbalancing.html
  recent collab outage related questions
  h1. Document Repository
  External
  h1. (AD/LDAP) Identity Web Services
  MPPE to the Web Services
  External between Web Services and AD /LDAP servers (or use HOSTS files to point each ADAWS server to a differnet AD server?)
  h1. Search
  (grid search: 6.1 or newer)The portal can load balance search requests internally. Each search node has knowledge of other nodes, so only 1 node needs to be reported to the portal. When the portal starts up, the 1 search node that is registered with the portal MUST be available.
  h1. Analytics
  Analytics UI
  (i'm not sure? i'm guessing anything would work here because the admin UI is pretty much read only on the database)
  Analytics collector can be load balanced (as of 2.5)
  http://download-llnw.oracle.com/docs/cd/E13158_01/alui/analytics/docs103/installALI/quickstart.html#wp1063387
  h1. Automation
  Load balancing for reduncancy is not possible. However, the work can be split up Automation servers are assigned to different folders. Don't assign 2 automation servers to the same folder, as they can compete for jobs. (?)
  h1. Content Upload
  (mppe / external)?
  h1. ALUI Directory Service
  h1. Remote Portlet Service
  ? (i'm gussing MPPE)
  h1. Notification
  ? no idea
  h1. What else am i missing?
  Edited by: Joel Collins on Apr 27, 2009 6:52 AM

  Here are few bits of info:
  For load balancing for Analytics, that isn't officially supported yet for the UI and Administration components. It might work with sticky sessions from portal-to-analytics but that doesn't get you much. Improving the options there would be a good enhancement request.
  For the collector, I think there are two important things to remember. Use broadcast mode. I've never actually seen it in unicast mode, but broadcast definitely works. Also, remember that this is all managed by Portal and Analytics - you don't use your own load balancer between Portal instances and the Analytics Collector instances.
  Finally, ALUI Directory is not certified to be load balanced yet. On a separate note, ALUI Directory has a socket leak on Windows due to a bug in the version of Jrockit that ships with it. Upgrading the embedded application server for the ALUI/WCI installation to jrockit-R27.5.0-jdk1.5.0_14 will resolve it.

• App-V 5 Publishing Server + Load Balancing (NetScaler) issue

  All, 
  I have attempted to load balance my App-V 5.0 deployment, which includes two nodes (appv-1 and appv-2) on a Citrix NetScaler VPX appliance. 
  The management server is working fine, when browsing to the load balanced VIP DNS alias - pass-through authentication works great and the management console is displayed. 
  When I attempt to browse to the load balanced VIP DNS alias for the Publishing Server, it prompts for authentication credentials, then displays the following error:
  Method not allowed. Please see the service help page for constructing valid requests to the service.
  When I attempt to browse using the same internet explorer instance to http://appv-1.fqdn:8088 it displays the XML page after entering authentication credentials. 
  Here is my set-up & what I have done.... 
  Appv-1 Server
  Management Server installed on Port:8088
  Publishing Server installed on Port:8090
  SQL Cluster and Mirroring configured (tested and working)
  Appv-2 Server
  Management Server installed on Port:8088
  Publishing Server installed on Port:8090
  SQL Cluster and Mirroring configured (tested and working)
  NetScaler 
  Management VIP: 10.1.1.148
  Publishing VIP: 10.1.1.124 
  Both Appv-1 and Appv-2 are setup as services and bound to the corresponding Virtual Servers.
  Load balance alogrith - persistence - source IP: 255.255.255.255 - Least Connection
  DNS and AD Modifications
  host A record - appvmgmtsrv.fqdn = 10.1.1.148
  host A record - appvpubsrv.fqdn = 10.1.1.124
  computer object create in same domain for appvmgmtsrv and appvpubsrv
  SPN Modifications: 
  setspn –A http/appvmgmtsrv:8088 domain\appvmgmtsrv
  setspn –A http/appvpubsrv:8089 domain\appvpubsrv
  setspn –A http/appvmgmtsrv.domain.local:8088 domain\appvmgmtsrv
  setspn –A http/appvpubsrv.domain.local:8090 domain\appvpubsrv
  IIS Modifications:
  Appv-1 and Appv-2 - ApplicationHost.config - modified with below line for both Management and Publishing Server sections:
  <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true" />
  Rebooted and IIS starts correctly.
  Testing 
  On Appv-1 if I browse to http://appvmgmtsrv.fqdn:8088/console.html it asks for authentication, when authentication is entered it fails. 
  On another other machine in the environment if I browse to http://appvmgmtsrv.fqdn:8088/console.html it automatically loads the console with the credentials of the logged on user. 
  Launching the Management Console via Load Balanced DNS name works on every other server except itself.... assume this is Kerberos modifications? (This only happens when I disable the appv-2 node on the load balancer, forcing all IIS connections to Appv-1). 
  The management server issue above is not a big one and can work around that easily. The major issue is with the Publishing Server. .. . 
  On Appv-2 if I browse to http://appvpubsrv.fqdn:8090 it will prompt for authentication, once enter it displays: Method not allowed. Please see the service help page for constructing valid requests to the service.
  in a new tab if I enter http://appv-1.fqdn:8090 it will prompt for authentication, once enter its displays the XML page with App-V meta-data. 
  Can anyone shed some light on this issue please.... When I update the App-V client with the load balanced publishing server VIP DNS it displays the following error in the event log: 
  Getting server publishing data failed.
  URL: http://appvpubsrv.fqdn:8090
  Error code: 0x45500D27 - 0x80190195
  Any help will be greatly appreciated. ....

  You could read
  https://blog.uvm.edu/jgm/2013/09/26/app-v-5-server-f5-load-balancers-and-kerberos/
  https://blog.uvm.edu/jgm/2013/09/27/app-v-server-configuration-load-balanced-configuration/
  http://social.technet.microsoft.com/Forums/en-US/2b39e2b8-aba1-4e96-b18f-c5bcb9f12687/load-balancing-two-appv-50-servers-the-publishing-service-is-not-able-to-contact-the-management?forum=mdopappv
  http://www.thinclient.net/blog/?p=344
  In fact I'm not sure if any of these really helps you, but they give some good advice
  Falko
  Twitter
  @kirk_tn   |   Blog
  kirxblog   |   Web
  kirx.org   |   Fireside
  appvbook.com

• Third Party Load Balancing Active Directory

  We have serveral applications that target individual Active Directory domain controllers for authentication. If the domain controller goes down then that service stops working.
  I'm interested in using a Citrix Netscaler to load balance authentication requests.
  What I want to know is, "Does Microsoft support the use of an external load balancer", not from the perspective of third party device support obviously, rather functionally. Will AD work and be supported when using the Netscaler.
  IT Manager

  If you simply plan to use the Citrix NetScaler to load balance say, reading LDAP on port 389 as an example, you will be OK.  
  Rather than pointing the app to a single DC, why not create multiple DNS records with the same host name, different IPs and use Round Robin.  Not as sophistacted, but it isnt going to cost you tens of thousands of dolllars in load balancing.
  Visit: anITKB.com, an IT Knowledge Base.
  Have you actually tested and used this in a production environment? If I understand correctly, what you are suggesting is to take existing (hypothetical) domain controller DNS entries:
  A record: dc1.contosso.com, 10.1.1.10
  A record: dc2.contosso.com, 10.1.1.11
  And add the following entries to create quasi fault tolerance?
  A record: dc3.contosso.com, 10.1.1.10
  A record: dc3.contosso.com, 10.1.1.11 
  I honestly don't think it will work, because of a few things, such as DC registration occurs every 60 min, including the netlogon service overwriting whatever static entries created for the quasi load balancing, and possibly Kerberos auth failing due to a different
  IP authenticating from a different SPN. I know the hardware load balancers have options to preserve session cookies, which work fine for IIS implementations, such as Exchange HUB, and especially for CAS access, otherwise Outlook will not accept it if it sends
  an auth request on one IP and another backend responds, which the LB help preserve this, however with AD LDAP, RPC, etc, I *don't* think it will work, due to Kerberos failing it thinking it's a spoof. If you get it working, I would be very curious to see the
  documented implementation, settings, results, etc.
  Ace
  Ace Fekay
  MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• WAN Load-Balancing and multi VLAN design

  Hello,
  I need some help to define the design of a specifi LAN-WAN network.
  1) There are 2 independant WAN entries (they have their own ISP-managed router)
  2) I need to load-balanced the requests over the 2 WAN
  3) If possible, the load-balancer must be redundant (GLBP ?)
  4) On the LAN itself, there must be 15 different VLAN
  5) We also need a DHCP solution (also redundant if possible) to provide IP to these VLAN, with unique gateway (the load-balancer)
  What do I need to implement this configuration ?
  And is it possible to configure with as much GUI as possible ?
  Thanks in advance for your help.

  Dear Mike,
  Thank you and welcome to the Small Business Support Community.
  It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
  The Policy Routing setting you setup is exactly what I would do in your case.
  I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• WebAS access via Portal: Web Dispatcher required for load balancing ABAP

  Hi Folks -
  We have EP 6.0 SP18 (Java only, WebAS 6.40, Unix/Solaris).  The portal has a CI/SCS and one DI so we have a Web Dispatcher to load balance the portal servers. This works fine (and provides port 80 access).
  This portal will provide access to HTTP services from an ABAP WebAS (6.20 with 6.40 kernel, Unix/Solaris). A landscape configuration entry has been added to the portal for this ABAP system. The ABAP system has a CI and multiple app servers, all capable of handling HTTP requests.  This will also require port 80 access.
  1. Will we need an additional Web Dispatcher to load balance HTTP requests to the 'backend' ABAP WebAS system, or will the portal be smart enough to handle the load balancing itself (perhaps based on the information in the landscape configuration)?
  2. If the portal itself handles the HTTP load balancing can you point me to documentation (so I can make sure I have proper configuration)? 
  3. Are there any changes to this with NW2004s Portal (we plan to upgrade soon)?
  Thanks in advance!  Jeff

  Jeff,
  Regarding:
  Q1. If you create a system object from the "SAP system with load balancing" template in portal and configure the object to point to your CI (msg server), the LB should be handled.
  Q2. Portal load balancing is handled by the message server.  If you point a test URL to the port of your message server, you will notice that you are issued a redirect the URL of your dialog instance.  The web dispatcher is just a proxy (with some intelligence).  When a request is made to the WD, it makes a connection to the MSG server, the list of active instances is queried, a redirect is made to that instanct.  If you use WD, that connection can be proxied behind a standard URL.   If you connect directly to the MSG Server instead, you will notice your URL change, just as it does on the service marketplace.
  WDs are good for providing services, masked (proxied) behind virtual names.  If you do not want the customer to see a physical URL of the server, use the WD.  There are lots of other solutions that can do this too though such as Apache, ISA, Juniper devices, Cisco LDs.  WDs have a very low performance threshold though, especially if you use SSL. WD is a performance bottleneck and should be benchmarked to see if it is right for your application.
  Q3. No changes this architecture in 04s.
  jwise

• SSL Setup in a load balanced portal

  Hi,
  We are implementing a portal landscape and also we are using a hardware based (Cisco ACE) load balancer for load balancing purposes.
  So the configuration would be:
  Portal requests --> Load Balancer --> Portal --> Backend
  We are trying to implement SSL until the portal server and I have a question regarding the SSL certificate installation process.
  The URL on the load balancer would be for example https://portaltest.mycompany.com which would load balance the requests between the application servers of the portal (https://sapeptest1.mycompany.com:50001/irj/portal and https://sapeptest2.mycompany.com:50001/irj/portal).
  So, first thing we will have to do would be to install an SSL certificate (signed by a Trusted CA) on the load balancer with a CN=portaltest.mycompany.com.
  I understand that for https to function properly, the host name in the URL we are using to get to the server should match the CN of the SSL certificate installed on the server.
  Now, can we install the same certificate (that we put on the LB) on the portal as well?
  (This might not work because the server type will be different)
  (or)
  Do we need to buy 2 certificates with the same CN and install one each on the LB and portal ?
  Can some one please suggest on how to proceed with the SSL setup and certificate installation process ?
  Thank You ,
  Raj

  Raj Kumar wrote:
  My question is about how to go about installing the certificates on the LB and on the portal.
  If you aren't using web dispatcher, then the details of the installation on the LB will depend on your LB (Cisco? Radware? etc?). I suggest contacting your LB vendor for that.
  Sen's link is for SSO, you want the [SSL procedure|http://help.sap.com/saphelp_nw70/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm].
  You probably don't need a signed cert on the portal server itself (depending on whether your LB validates the cert). You could just use the default self-signed cert, since users won't be connecting to it directly and so won't be troubled by warnings about untrusted certs: the traffic from the AS would still be encrypted, you would only lose out on the server authentication feature (which you don't need, since again users won't see it).
  On the other hand, do you really need SSL on portal server? That adds overhead at both the LB and portal. It's usually sufficient to use HTTP from the LB to the back-end, as long as the servers only allow connections from the LB. I realize you aren't using web dispatcher, but this looks like scenario #3 in [this diagram|http://help.sap.com/saphelp_nw70/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm]
  Regards,
  Sean

• Report server Load balancing

  short description of the setup:
  2 hosts running report services say reportsvc_1, reportsvc_2 in the sanme subnet.
  reports are called using run_report_object from within oracle forms.
  Is there any mechanism that these two hosts can share the load, load balanced. I know run_report_object requires report service name in order to run.
  what other mechanism can be used to load balance report requests initiated from oracle forms.
  Thanx

  You will need a virtual server between the app server and report server. Something like this:
  App server
  ....|
  ....|
  ....^ - virtual IP server
  .|.....|
  R1..R2 - report servers
  The virtual IP server accepts the call from the app server and rotates which 'back end' report server per call. It is a crude, round-robin solution, but it works relatively well. You have to hope that every-other report isn't rough on the server.