High-Availability and Load Balancing

Load balancers, or Application Delivery Controllers (ADCs), are used to make sure that services never go down.

This guide will outline Pointsharp recommendations and requirements for achieving high-availability and load balancing for Pointsharp ID and Pointsharp Access Gateway.

The Pointsharp products are built with scaling as a foundation in the build process. High-Availability is achieved by adding at least a second server of the specified type. The system can be scaled out to handle more users by adding more servers. The Pointsharp servers do not do load balancing by themselves; a hardware load balancer is required.

Pointsharp ID

There are two different types of clients that communicate with Pointsharp ID. These two client types are differentiated by the interface used for communication and require different configurations for a high-availability scenario.

RADIUS

The RADIUS interface can be used by a RADIUS client to authenticate users using most of the authentication methods offered by Pointsharp ID. The method to use for High-Availability and load balancing depends on the type of authentication method used.

| Authentication method | Persistence | Note |
|---|---|---|
| Stateless methods (no challenge response) | None | |
| Stateful methods (challenge response methods) | None | The LB should be configured to use an active/passive mode. |

Web services

The Representational State Transfer (REST) Web Service API can be used by web service clients for authentication of users and for authorization of devices.

| Service | Persistence | Note |
|---|---|---|
| Authentication (stateless) | None | |
| Authentication (stateful or NTLM) | Source based | |
| Authorization | None | |

Monitoring

Please consult the table for recommendations on how to monitor services offered by Pointsharp ID.

| Service | Port | Monitor |
|---|---|---|
| RADIUS | UDP: (Configuration dependent) | L4 UDP port check |
| Web services | TCP:443 | L7 HTTP https://<FQDN>/api |

Pointsharp Access Gateway

The method of load balancing a set of Access Gateway servers depends heavily on the clients and on the service that is published by the Access Gateway.

| Service | Persistence | Note |
|---|---|---|
| Skype for Business (mobility & Mac client) | Cookie based | If the LB only acts on layer 4, use source based persistence (not recommended). |
| Skype for Business (PC clients) | Source based | |
| ActiveSync | Source based | |
| Outlook Web App | Source based | |
| Exchange Web Services | Source based | |
| MAPI over HTTP | Source based | |
| Internal Access Gateway | Active/Passive | Only applicable in serial gateway configurations. |

Monitoring

Please consult the table for recommendations on how to monitor Access Gateway.

| Service | Port | Monitor |
|---|---|---|
| HTTP publishing | TCP:443 | L4 TCP port check |
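
The two TCP monitor types from the monitoring tables (the L4 TCP port check for Access Gateway and the L7 HTTP check of https://<FQDN>/api for Pointsharp ID web services), written as an added example that is not Pointsharp code. The function names and the choice of 2xx/3xx as "healthy" are assumptions; the page does not state which status /api returns.

```python
import http.client
import socket
import urllib.error
import urllib.request

# Probe each node directly: ignore any proxy configured in the environment,
# otherwise the check measures the proxy and not the node.
_DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def l4_tcp_check(host, port, timeout=3.0):
    """L4 check: True if a TCP connection to host:port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, name not resolved
        return False


def l7_http_check(url, timeout=3.0, healthy=range(200, 400)):
    """L7 check: True if GET url answers with a status code in `healthy`.

    Assumption: 2xx/3xx counts as healthy; set `healthy` to the status the
    /api endpoint is observed to return in the deployment being monitored.
    For https URLs the server certificate is verified against the system
    trust store, so an expired or mismatched certificate fails the check.
    """
    try:
        with _DIRECT.open(url, timeout=timeout) as resp:
            return resp.status in healthy
    except urllib.error.HTTPError as exc:  # 4xx/5xx are raised, not returned
        return exc.code in healthy
    except (OSError, http.client.HTTPException):
        return False


def pool_status(nodes, port=443, path="/api"):
    """Run both checks per node FQDN.

    A node with l4=True and l7=False accepts connections but does not serve
    requests: an L4-only monitor would keep it in rotation.
    """
    return {
        node: {
            "l4": l4_tcp_check(node, port),
            "l7": l7_http_check(f"https://{node}:{port}{path}"),
        }
        for node in nodes
    }
```
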