If you are planning to use an external load balancer, it must comply with the following requirements:
| Requirement | Description |
| --- | --- |
| If you are deploying a geographically distributed system, the HTTP Global Server Load Balancing (GSLB) must route requests based on the user’s location. | The GSLB functionality can be part of the DNS server rather than the load balancer. In this case, however, the DNS server must be able to route requests to different locations based on the location of the browser that initiated the request. |
| The HTTP load balancer must support session affinity. Session affinity means that all requests from the client are always routed to the same server. | Session affinity is based on cookies. The reverse proxy inserts a cookie into responses to incoming HTTP requests and routes subsequent requests that contain the same cookie to the same Avaya Aura® Device Services server. This feature is also known as sticky sessions. Do not use IP-based sticky sessions because this might affect load balancing. |
| The HTTP load balancer must support web sockets. | The load balancer must not block web socket requests and must relay the web socket connections between the client and the server. HTTP request timeout must be configurable. You must be able to configure the timeout value to the maximum duration of the conference to prevent it from timing out the web socket session. |
| The HTTP load balancer must support URL routing. | This requirement is only needed if you want to reuse a load balancer port. The load balancer must be able to route requests based on the request URL. Requests that start with `/acs` for Avaya Aura® Device Services services and `/auth` for Keycloak services must be routed to Avaya Aura® Device Services. |
| The HTTP load balancer must support TLS 1.2 or TLS 1.3. | Avaya Aura® Device Services supports TLS versions 1.2 and 1.3. The load balancer must support the TLS version that you plan to use in your deployment. Some services might not support TLS versions other than 1.2. |
| The HTTP load balancer must support at least some of the listed ciphers when interacting with back-end services. | The list of ciphers: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-ECDSA-AES128-SHA, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA |
| The HTTP load balancer must be able to use TCP health checks. | The load balancer must be able to perform health checks of Avaya Aura® Device Services servers using TCP responses. For health checks, the load balancer must use the following URL: `http://<AADS FQDN>:8457/health`. To avoid leaving multiple TCP sockets open, you must be able to configure TCP health checks to use half-open connections. |
| The external HTTP load balancer must relay the client certificates. | This requirement is only needed for authenticating clients using client identity certificates. |
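
The cipher requirement above can be checked before deployment. The following is an added example, not Avaya code: it compares a load balancer's back-end cipher string with the listed suites and orders the overlap with forward-secret AEAD suites first. The function names, the ordering preference and the sample cipher string are assumptions made for illustration.

```python
# Added example, not Avaya code. Suite names are the ones listed on this page
# (OpenSSL TLS 1.2-style names).
AADS_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-SHA256",
    "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA",
    "ECDHE-ECDSA-AES128-SHA", "AES128-GCM-SHA256",
    "AES256-GCM-SHA384", "AES128-SHA",
)


def classify(name):
    """Read security properties off an OpenSSL TLS 1.2 suite name."""
    return {
        "forward_secrecy": name.startswith(("ECDHE-", "DHE-")),
        "aead": "-GCM-" in name,
        "sha1_mac": name.endswith("-SHA"),  # CBC mode with HMAC-SHA1
    }


def backend_cipher_plan(lb_cipher_string):
    """Compare a load balancer's back-end cipher string with the listed suites.

    lb_cipher_string is a hypothetical colon-separated OpenSSL cipher list.
    """
    offered = [c.strip() for c in lb_cipher_string.split(":") if c.strip()]
    overlap = [c for c in offered if c in AADS_CIPHERS]

    def rank(c):  # forward-secret AEAD first, static-RSA CBC/SHA-1 last
        p = classify(c)
        return (not p["forward_secrecy"], not p["aead"], p["sha1_mac"])

    ordered = sorted(overlap, key=rank)
    warnings = []
    if not overlap:
        warnings.append("no listed suite offered: requirement not met")
    elif not any(classify(c)["forward_secrecy"] and classify(c)["aead"] for c in overlap):
        warnings.append("only non-forward-secret or CBC suites overlap")
    return {
        "use": ":".join(ordered),
        "not_listed": [c for c in offered if c not in AADS_CIPHERS],
        "warnings": warnings,
    }


if __name__ == "__main__":
    # Constructed sample value, not taken from any real load balancer.
    sample = ("ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA:ECDHE-RSA-AES128-SHA:"
              "ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256")
    print(backend_cipher_plan(sample))
```

In the sample, `ECDHE-RSA-AES256-GCM-SHA384` is reported under `not_listed` because the page lists only the ECDSA variant of that suite.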