Load Balancer Behavior

A load balancer monitors the health of each Orchestrator node and redirects traffic accordingly. To learn how the load balancer fits into the overall architecture of high availability systems, see Overview of High Availability Architecture.

HTTPS Traffic

The load balancer must monitor the health of the HTTPS service running on each node. To do this, it can either use a method based on an HTTPS request, or simply check whether TCP port 443 is responding, that is, whether a SYN ACK packet is received after a SYN packet is sent by the monitoring service. If an RST packet is received instead, or if no packet is received at all, then the monitoring feature must consider the monitored service to be down and discard the related node (take it offline).

The load balancer can redirect any HTTPS request to any of the healthy nodes. Because the Orchestrator web application uses a database shared by both nodes, any healthy node can respond to any request.
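The TCP-level check described above can be sketched as follows. This is an added example, not code from the Orchestrator product or from any particular load balancer; the function names, the reason strings and the timeout values are assumptions made for illustration.

```python
import socket

def probe_tcp(host, port=443, timeout=2.0):
    """TCP-level health probe: returns (healthy, reason) for one node."""
    try:
        # connect() returns only once the SYN has been answered with a SYN ACK.
        with socket.create_connection((host, port), timeout=timeout):
            return True, "syn-ack"
    except ConnectionRefusedError:
        return False, "rst"        # the node answered the SYN with an RST
    except (socket.timeout, TimeoutError):
        return False, "no-reply"   # no packet came back before the timeout
    except OSError as exc:
        return False, "error: %s" % exc   # unreachable host, DNS failure, ...

def healthy_pool(nodes, timeout=2.0):
    """Split nodes into those kept in rotation and those taken offline."""
    pool, offline = [], {}
    for host, port in nodes:
        ok, reason = probe_tcp(host, port, timeout)
        if ok:
            pool.append((host, port))
        else:
            offline[(host, port)] = reason
    return pool, offline

if __name__ == "__main__":
    # Constructed demo: two local sockets stand in for two Orchestrator nodes,
    # so the example runs offline (a real check would target port 443).
    up = socket.socket()
    up.bind(("127.0.0.1", 0))
    up.listen(1)                      # listening: the SYN gets a SYN ACK
    down = socket.socket()
    down.bind(("127.0.0.1", 0))       # bound but not listening: the SYN gets an RST
    print(healthy_pool([up.getsockname(), down.getsockname()], timeout=1.0))
    up.close()
    down.close()
```

A TCP probe only confirms that something accepts connections on the port; the HTTPS request method also confirms that the web service itself answers.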

HTTP Redirection

The Orchestrator application uses HTTPS by default, and it automatically redirects HTTP (TCP port 80) to HTTPS (TCP port 443) to force users to use a secure connection.

The load balancer can forward HTTP requests to the nodes, which then handle the redirection. Alternatively, the load balancer itself can handle the redirection; this prevents any insecure connections from being established with a node.

Note: A load balancer is optional for the functioning of a high availability environment. The majority of users can access the Orchestrator web UI without this feature.