Configuring a Load Balancer for Archer

Load balancers act as reverse proxies and distribute network or application traffic across a number of servers. The devices help increase capacity of concurrent users and reliability of applications.

On this page

Load balancers and server configuration

You must do the following:

  • Share Session state and ViewState information within the Web Servers.

  • Provide a mechanism to ensure that any web farm server can process this information.

  • Configure the server through the Machine Key option of the Archer site, which is added to the web.config file in the Web Application directory of each Web Server.

Requirements for a load-balanced installation

  • Active Directory domain account set to Modify access.
  • Common Archer files hosted in a file share.
  • X.509 certificate that all Web servers use.

  • A common account with permissions to configure Archer services.

  • Port 8000 that servers containing IIS and Advanced Workflow Services use to communicate.

Note: The permissions on the X.509 Certificate, used by the web and application servers, grant the Active Directory domain account read access to the private key.

Installation process

Task 1: Preparation

Before configuring the Web Servers for load balancing, do the following:

  1. Verify that the load balancer, application, and database servers are located on the same local area network.
  2. Verify that you have the Platform installation package.
  3. Verify that you have administrative access for all applications and Web Servers that host the Archer Platform.
  4. Create an X.509 Certificate to authenticate to the Configuration service from the Web Application and Archer services. When performing a new installation, Archer recommends that you use an existing certificate. You can either import or select an existing certificate. Otherwise, create a new certificate.
  5. Generate a common Machine Key that IIS uses on all web farm servers.
  6. Set up an Active Directory domain account for impersonation purposes. Configure a UNC-accessible file share that all servers running Archer application code can access. These servers host common files such as search indexes, file repository, and company files.
  7. Configure least-privilege permissions on a file system and shared directory structures. These host common files and verify that the Active Directory domain account has appropriate access to the network share.
  8. Modify the identity of the application pool that the Archer web and application services use for the Active Directory domain account configured above.

Task 2: Install Archer

Complete the installation process described in Installing Archerprepare the servers and install the components.

Task 3: Generate the machineKey

The format of the Machine Key setting appears as follows:

<machineKey

validationKey="some long hexadecimal value"

decryptionKey="another long hexadecimal value"

validation="SHA256"/>

  1. On a Web Server being configured for load balancing, start IIS Manager.
  2. From the Sites node, select the Archer site, and double-click the Machine Key applet.
  3. On the Machine Key page, do the following:
    1. Set the values of the following parameters. For information on the values see https://technet.microsoft.com/en-us/library/hh831711(v=ws.11).aspx.
      • Encryption Method
      • Decryption Method
    2. In the Validation Key and Decryption Key sections, clear any selected options.
    3. In the actions panel, select Generate Keys.
  4. In the Actions panel, click Apply to save the generated keys to the web.config file.

    5. The generated keys appear in the Validation key and Decryption key sections.

  5. For all subsequent Web Servers, do the following:
    1. Copy the generated key values from the Validation key and Decryption key sections.
    2. On the other Web Servers, repeat steps 1 - 3b to generate the machineKey.
    3. Paste the values from the generated machineKey into the respective Validation key and Decryption key boxes on the Machine Key page.
    4. In the Actions panel, click Apply.

Task 4: Test the load balanced URL

  1. Verify whether you can access Archer through the load balanced URL.

    Common problems that may occur post-configuration include dashboards not displaying correctly or file-repository access failing. If either problem occurs, access each Web Server individually from your browser instead of using the load-balanced URL. This helps identify in which systems issues occur.

  2. Verify the following:
    • The IIS application pool runs under the correct Active Directory domain account credentials.
    • The Machine Key setting in the web.config file matches the applicable Validation key and Decryption key values.