Re: Hardware Load Balence of Kerberos



Joe,

In MOST cases you are correct...BUT....in some cases you are not. In the case of LDAP, take a poorly written app the requires a ip address entered for the LDAP host...or in the Kerberos case, device that depends on a krb5.conf file.....now I know that I could add additional kdc entries to the krb5.conf file, but I don't care to manage that on a large number of devices. So, do you have any information that would address this scenario, or a constructive reply to my original question ?

Thanks !!

Geoff



Joe Richards [MVP] wrote:
You shouldn't have to for LDAP nor Kerberos, there is load balancing and redirection built into the product.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

============================================================================

Do not read this worthless blog entry on
Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================


Geoff wrote:
Hello everyone

Has any here used a Hardware Load Balancer device such as Cisco Arrowpoint to load balance AD Kerberos? We currently do it for AD DNS and AD LDAP, and I'm investigating doing it for Kerberos as well.

Thanks ,

Geoff
.