Re: SSL Certificates on NLB Cluster
- From: "Rodney R. Fournier [MVP]" <rod@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 13 Mar 2006 08:32:07 -0600
Correct. Affinity needs to be either Single or Class C for SSL to work with
NLB. Use Class C to bundle IPs from class C subnets to the same NLB host
computer.
Cheers,
Rodney R. Fournier
MVP - Windows Server - Clustering
http://www.nw-america.com - Clustering Website
http://www.msmvps.com/clustering - Blog
http://www.clusterhelp.com - Cluster Training
ClusterHelp.com is a Microsoft Certified Gold Partner
"Jay" <Jay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DF592D2F-B478-4E9E-8940-E5AAA67C67E2@xxxxxxxxxxxxxxxx
Scenario: 2 Win 2003 Servers running in NLB Cluster mode hosting an
Asp.NET
application on IIS 6.0. I wish to install SSL certificate to secure the
site.
I have two options:
i) Generate Cert Request from each server and then proceed to install the
respective certificates.
ii) Generate Cert Request from one server and then install the certificate
on it and then export the certificate on to the other server.
If the cluster is configured to None affinity, then the user will go to
anyone of the servers forcing client key exchange (ssl) each time and
hence
making the process more expensive. [Ethereal Packet Capture shows this.]
The
only way I see is to set the Cluster to Single Affinity to enforce the
client
to go to the same server to maintain the ssl session.
My question is "Does installing SSL on NLB cluster force us to go for
Single
Affinity to avoid 'SSL Handshakes, Client Key exchange' on each visit?"
.
- Prev by Date: Exam Prep Questions - Advice Please
- Next by Date: Re: File sharing question
- Previous by thread: Exam Prep Questions - Advice Please
- Next by thread: Re: SSL Certificates on NLB Cluster:: Exporting Single Key vs. Unique
- Index(es):
Relevant Pages
|
