Configuring Zoomdata Server Behind a Load Balancer

OVERVIEW

Load balancing helps you to scale Zoomdata to hundreds of users. Zoomdata Server(s) can be load balanced both on-premise and on Amazon EC2 instances. This article provides guidance and steps for on-premise deployments.

Load Balancing Zoomdata On-premise

Zoomdata Server(s) can be load balanced in your network environment using HAProxy, which includes native SSL support and is able to proxy websocket traffic (as shown in Figure 1).


Figure 1

To set up Zoomdata to support load balancing, you will need to take the following steps in sequential order:

  1. Configure the MongoDB server
  2. Set up Zoomdata instances
  3. Set up HAProxy server
These steps assume you are installing HAProxy on a separate server from the Zoomdata instances.

After load balancing has been set up, you can also configure HAProxy to support SAML. In addition, you can enable logging for HAProxy.

CONFIGURING the MONGODB SERVER

The steps below were validated on the CentOS 6.x and 7.x platforms.
  1. Install a MongoDB instance.
  2. Follow the MongoDB article "Configure Linux iptables Firewall" to configure iptables for use with MongoDB deployments.
    Port 27017 is the default for MongoDB. If you use another port, make the necessary changes in MongoDB configurations to ensure that it is able to access the custom port.
  3. Start MongoDB:
    sudo service mongod start
  4. Add an administrator that will have access privileges to MongoDB.
    mongo zoom --eval "db.createUser({user:'anadmin', pwd:'p0ssward2dataz00m', roles:['readWrite']});"
    • Replace anadmin and p0ssward2dataz00m with your specific username and password.
    • You will need to enter these credentials when setting up the Zoomdata instances.

Set Up Zoomdata Instances

  1. Install Zoomdata on each backend server.
  2. Stop the Zoomdata Server service.
    sudo service zoomdata stop
  3. Use the following command to access and open the zoomdata.properties file.
    vi /etc/zoomdata/zoomdata.properties
    If the configuration file does not exist, this command will create it.
  4. Add the following lines so that all Zoomdata cluster nodes point to the same MongoDB instance. They identify the MongoDB database name, the username and password (that you created during MongoDB setup), and the host.
    zoomdata.db.name=replaceWithYourZoomdataName
    zoomdata.db.username=replaceWithYourUsername
    zoomdata.db.password=replaceWithYourPassword
    zoomdata.db.host=replaceWithYourHost
  5. Also in the zoomdata.properties file, add the following lines to disable the default Zoomdata behavior to redirect HTTP requests to HTTPS. This will allow HAProxy to communicate with Zoomdata via HTTP.
    #redirect from http to https
    https.redirect=false
  6. Save and exit the configuration file.
  7. Restart Zoomdata.
    sudo service zoomdata restart
  8. Make sure that port 8080 is open on all backend servers. If this port is not open, run the following commands:
    sudo iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT
    sudo service iptables save
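
Because step 5 leaves the Zoomdata nodes serving plain HTTP on port 8080, that port only needs to be reachable from the load balancer. The script below is an added example, not part of the original Zoomdata instructions; it prints iptables commands that accept port 8080 only from the HAProxy address and drop other sources (10.2.2.5 is a constructed placeholder for your load balancer).

```shell
#!/bin/sh
# Added example: print iptables rules that admit only the load balancer
# to a Zoomdata backend port. All addresses are constructed placeholders.

# is_ipv4 ADDR: succeeds only for a dotted-quad IPv4 address.
is_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# backend_rules PORT LB_IP...: prints one iptables command per line.
# ACCEPT rules are inserted from position 1 and the DROP directly below
# them, so they take effect even if a broader ACCEPT for the port exists.
backend_rules() {
    port=$1
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    shift
    [ "$#" -ge 1 ] || { echo "need a load balancer address" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    pos=1
    for ip in "$@"; do
        echo "iptables -I INPUT $pos -p tcp -s $ip --dport $port -j ACCEPT"
        pos=$((pos + 1))
    done
    echo "iptables -I INPUT $pos -p tcp --dport $port -j DROP"
}

# Constructed sample: HAProxy at 10.2.2.5, Zoomdata listening on 8080.
backend_rules 8080 10.2.2.5
```

Review the printed commands, run them as root on each backend server, then persist them with sudo service iptables save.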

Set Up HAProxy Server

  1. Run the following command to install HAProxy:
    sudo yum install haproxy
  2. Change to the following path:
    cd /etc/haproxy
  3. Create a certificate, or copy an existing one (from a certification authority), to the /etc/haproxy folder. To create one, run the following:
    # 2048-bit RSA key (1024-bit keys are considered too weak for TLS)
    sudo openssl genrsa -out ca.key 2048
    sudo openssl req -new -key ca.key -out ca.csr
    sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
    # cert.pem contains the private key, so write it as root and keep it readable by root only
    sudo sh -c 'umask 077 && cat ca.key ca.crt > cert.pem && chmod 600 cert.pem'
  4. Replace the existing haproxy.cfg with this file.
    Find the <node1-ip> and <node2-ip> entries on lines 40 and 41 and change them to the actual IP addresses of the backend servers. If you have more than two backend servers, add a line for each additional server.
  5. Start the HAProxy service:
    sudo service haproxy start
  6. Configure the HAProxy service to start automatically:
    sudo chkconfig haproxy on
  7. Verify that port 443 is open on your load balancer. If this port is not open, run the following commands:
    sudo iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
    sudo service iptables save
If users are experiencing frequent websocket timeouts, please refer to this troubleshooting article.

Configuration for using SAML with HAProxy

  1. Currently, the Zoomdata SAML implementation does not support an unencrypted channel between the proxy and the back-end servers when the proxy is configured to use SSL. When you use SAML with a load balancer, the SAML assertions from the Zoomdata server must be received using the same protocol configured on HAProxy.
  2. For HAProxy, configure the backend servers to use SSL as follows:
    backend zoom_app
    mode http
    balance leastconn
    cookie JSESSIONID prefix nocache
    timeout server 18000s
    server web01 10.2.2.20:8443 check cookie web01 ssl verify none
    server web02 10.2.2.211:8443 check cookie web02 ssl verify none
  3. Restart HAProxy service:
    sudo service haproxy restart
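
The verify none option in step 2 encrypts the hop from HAProxy to Zoomdata but accepts any certificate the backend presents. The script below is an added example, not part of the Zoomdata documentation; it lists the server lines of an haproxy.cfg that use plain HTTP or unverified TLS, run here on a constructed config in which web02 shows the verified form (verify required with a ca-file at an assumed path) and web03 is a hypothetical node.

```shell
#!/bin/sh
# Added example: report haproxy.cfg "server" lines that reach the backend
# over plain HTTP or over TLS without certificate verification.
# Not handled: options inherited from "default-server" lines.

# audit_backends [FILE]: prints "<finding> <server-name> <address>".
audit_backends() {
    awk '
        BEGIN { dflt = "required" }              # HAProxy default for servers
        $1 == "ssl-server-verify" { dflt = $2 }  # global override
        $1 == "server" {
            ssl = 0; verify = dflt
            for (i = 4; i <= NF; i++) {
                if ($i == "ssl") ssl = 1
                if ($i == "verify" && i < NF) verify = $(i + 1)
            }
            if (!ssl)                  print "plaintext", $2, $3
            else if (verify == "none") print "unverified-tls", $2, $3
        }' "$@"
}

# Constructed sample: web01 is the line from step 2; web02 shows the
# verified form (the ca-file path is an assumed location); web03 is a
# hypothetical plain-HTTP node.
sample_cfg() {
    cat <<'EOF'
backend zoom_app
    mode http
    balance leastconn
    cookie JSESSIONID prefix nocache
    server web01 10.2.2.20:8443 check cookie web01 ssl verify none
    server web02 10.2.2.211:8443 check cookie web02 ssl verify required ca-file /etc/haproxy/backend-ca.pem
    server web03 10.2.2.30:8080 check cookie web03
EOF
}

sample_cfg | audit_backends
```

To check a live configuration, pass the file instead: audit_backends /etc/haproxy/haproxy.cfg.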

HAPROXY LOGGING

To enable logging for HAProxy service, perform the following steps:

  1. Add or uncomment the following lines in the /etc/rsyslog.conf file:
    # Provides UDP syslog reception
    $ModLoad imudp.so
    $UDPServerRun 514
  2. Create an /etc/rsyslog.d/haproxy.conf file containing:
    local2.* /var/log/haproxy.log
  3. Restart system logger:
    sudo service rsyslog restart