In a geographically distributed deployment, the Avaya Aura® Web Gateway requires an external load balancer that must comply with the following requirements:
| Requirement | Description |
| --- | --- |
| The HTTP Global Server Load Balancing (GSLB) must route requests based on the user’s location. | The GSLB functionality can be part of the DNS server and not the load balancer. In this case, however, the DNS server must be able to route requests to different locations based on the location of the browser that initiated the request. |
| The HTTP load balancer must support session affinity. Session affinity means that all requests from the client are always routed to the same server. | Session affinity is based on cookies. The reverse proxy inserts a cookie into responses for incoming HTTP requests and routes subsequent requests that contain the same cookie to the same Avaya Aura® Web Gateway server. This feature is also known as sticky sessions. Do not use IP-based sticky sessions because this might affect load balancing. |
| The HTTP load balancer must support web sockets. | The load balancer must not block web socket requests and must relay the web socket connections between the client and the server. HTTP request timeout must be configurable. You must be able to set the timeout value to the maximum duration of the conference so that the load balancer does not time out the web socket session. |
| The HTTP load balancer must support URL routing. | The load balancer must be able to route requests to different backends based on the request URL. |
| The HTTP load balancer must support URL rewrite. | The load balancer must be able to modify the URL path of the request based on simple rules to remove or rename parts of the path. |
| The HTTP load balancer must support TLS 1.2 or TLS 1.3. | Avaya Aura® Web Gateway supports TLS versions 1.2 and 1.3. The load balancer must support the TLS version that you plan to use in your deployment. Some services might not support TLS versions other than 1.2. |
| The HTTP load balancer must support at least some of the listed ciphers when interacting with back-end services. | ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA |
| The HTTP load balancer must be able to use TCP health checks. | The load balancer must be able to perform health checks of Avaya Aura® Web Gateway servers using TCP responses. To avoid leaving multiple TCP sockets open, you must be able to configure TCP health checks to use half-open connections. |
| The external HTTP load balancer must be able to use standard headers to determine the FQDN from the original request that is used to reach the system. | Avaya Aura® Web Gateway uses the Host header to identify the FQDN that is used by the client to reach the system. Note: This behavior is required if the customer requires different FQDNs per location or uses different FQDNs to reach the system. If a single global FQDN is used, you can ignore this requirement. |
| The external HTTP load balancer must relay the client certificates. | This requirement is only needed for authenticating clients using a client certificate. |
| The HTTP load balancer must be able to insert custom headers into HTTP requests. | |
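
One way to check the cipher requirement above before deployment, as an added example that is not Avaya code: it expands the cipher string configured for the load balancer's back-end connections and reports which of the listed suites it would offer, and whether each provides forward secrecy and AEAD. It assumes the load balancer accepts OpenSSL cipher-string syntax; the function names are hypothetical, and the expansion reflects the local OpenSSL build, which can differ from the load balancer's.

```python
import ssl

# Cipher suites listed in the requirement above (OpenSSL names), in the page's order.
PAGE_CIPHERS = [
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-SHA256",
    "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA",
    "ECDHE-ECDSA-AES128-SHA", "AES128-GCM-SHA256",
    "AES256-GCM-SHA384", "AES128-SHA",
]


def expand(cipher_string):
    """Expand an OpenSSL cipher string into suite names using the local OpenSSL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # no TLS 1.2 suite in the string is selectable
        return []
    return [c["name"] for c in ctx.get_ciphers()]


def classify(name):
    """Derive key-exchange and mode properties from the OpenSSL suite name."""
    return {
        "forward_secrecy": name.startswith("ECDHE-"),  # otherwise static RSA key exchange
        "aead": "-GCM-" in name,                       # otherwise CBC with an HMAC
    }


def audit(cipher_string):
    """Return the page-listed suites that the given cipher string would offer."""
    offered = set(expand(cipher_string))
    return {name: classify(name) for name in PAGE_CIPHERS if name in offered}


if __name__ == "__main__":
    # Constructed sample: a back-end cipher string as it might appear in a
    # load balancer configuration (not taken from any real deployment).
    sample = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:AES128-SHA"
    shared = audit(sample)
    if not shared:
        raise SystemExit("no overlap with the listed ciphers")
    for name, props in shared.items():
        print(name, props)
```

An empty result means the back-end TLS handshake cannot negotiate any of the listed suites; a result containing only suites without forward secrecy or AEAD is worth tightening toward the ECDHE GCM entries where both sides support them.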