We have webservers at two different data centers in different locations with completely different official IP subnetworks.
One of our customers wants special redundancy. He asked us for load balancing, but with only one IP address or domain in his configuration (in the client software no second/alternative target can be configured).
So we thought about buying a CSS system and installing it at our primary data center location. If the webserver at this location fails, the CSS should redirect the requests to the other data center.
I know that this is not a real load balancing situation, but we are looking to use the CSS as a real load balancer for our webservers later as well.
Some questions about this situation:
- Is the CSS system able to check the status of our "remote" webserver at the other data center (official IP address, no tunnels or dedicated lines between the two data centers)?
- Can we configure official IP addresses of the webservers "behind" the CSS system (something like: incoming request -> goto -> 212.59.xx.xx webserver1 or goto -> 217.5.xx.xx webserver2)?
- We have ordered an SSL wildcard certificate for HTTPS that we will store on the CSS. Does this work, or will the customer get warnings that the target system differs from the certificate system?
The customer uses client software that communicates with a special HTTP interface on our webservers (no browser).
Or is there a possibility to do the routing and health checking of the webservers with Cisco routers?
Thanks for your help
One quick note on the SSL bit. If you terminate SSL at the CSS, one thing to be aware of is that if your webserver at the primary location fails and the CSS then uses the "sorry server" at the backup location, and that traffic goes over the Internet, it will be unencrypted.
One way to resolve this would be to deploy a CSS at the backup location that terminates SSL as well and then use a GSS to handle the domain requests. The GSS could then be configured to only send the IP of the backup site to clients if the primary was down. This would maintain encryption to each site's CSS.
Wouldn't SSL backhaul be able to re-encrypt the traffic destined for the remote server in case of the outage of the server at the primary site? I haven't implemented backhaul SSL but it should, theoretically, be a viable solution.
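The risk raised in the two replies above can be checked mechanically before a failover design goes live. The following is an added example, not part of the original thread and not Cisco configuration: a small audit that flags any server which would receive decrypted client traffic outside the local site. The `Backend` model, names and addresses are assumptions constructed for illustration (documentation IP ranges).

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Backend:
    name: str             # hypothetical label for the server
    address: str          # IP the load balancer forwards to
    tls_to_backend: bool  # True if the hop is re-encrypted (SSL backhaul)


# Constructed sample topology, not the poster's real addressing.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # primary data center
BACKENDS = [
    Backend("web-primary", "192.0.2.10", tls_to_backend=False),
    Backend("web-backup-sorry", "198.51.100.10", tls_to_backend=False),
    Backend("web-backup-backhaul", "198.51.100.11", tls_to_backend=True),
]


def is_local(address, local_nets):
    """True if the address lies inside one of the site's own networks."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in local_nets)


def cleartext_offsite_hops(backends, local_nets, tls_terminated_at_lb=True):
    """Names of backends that would get decrypted traffic over an untrusted path."""
    if not tls_terminated_at_lb:
        # TLS is passed through end to end; the load balancer never holds plaintext.
        return []
    return [
        b.name
        for b in backends
        if not is_local(b.address, local_nets) and not b.tls_to_backend
    ]


if __name__ == "__main__":
    for name in cleartext_offsite_hops(BACKENDS, LOCAL_NETS):
        print(f"WARNING: {name} receives decrypted traffic outside the local site")
```

Only the off-site server without re-encryption is reported; the local server and the off-site server reached over a re-encrypted hop pass the check.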