Zoomdata Version

Configuring Zoomdata Server Behind a Load Balancer

OVERVIEW

Load balancing helps you to scale Zoomdata to hundreds of users. Zoomdata Server(s) can be load balanced both on-premise and with Cloud deployments. This article provides guidance and steps for on-premise deployments.

Zoomdata has tested active-active load balancing configuration and this article focuses on this particular setup. In addition, the setup instructions provided below takes into account that Zoomdata uses its own dedicated PostgreSQL server as the metadata store (in other words, PostgreSQL was installed as part of the Zoomdata installation process).

Load Balancing Zoomdata On-premise

Zoomdata Server(s) can be load balanced in your network environment, which includes native SSL support and is able to proxy websocket traffic (as shown in Figure 1).


Figure 1

In order to set up Zoomdata to support load balancing, you will next to take the following steps in sequential order:

  1. Configure the PostgreSQL server *
    *If you connected Zoomdata to an existing PostgreSQL server deployed in your network, you can skip this step.
  2. Set up Zoomdata instances
  3. Test Zoomdata connectivity
    Verify that the correct ports are open and Zoomdata is able to communicate with the PostgreSQL metadata store.

CONFIGURING the PostgreSQL SERVER (Metadata Store)

The steps below were validated on the CentOS 6.x and 7.x platforms.
You should only install one PG instance to manage metadata in a centralized location for all your Zoomdata instances.
  1. Install the PostgreSQL instance by running the following:
    • For CentOS v6:
      sudo yum install https://download.postgresql.org/pub/repos/yum/9.5/redhat/rhel-6-x86_64/pgdg-centos95-9.5-2.noarch.rpm

      sudo yum install postgresql95-server
    • For CentOS v7:
      sudo yum install https://download.postgresql.org/pub/repos/yum/9.5/redhat/rhel-7-x86_64/pgdg-centos95-9.5-2.noarch.rpm

      sudo yum install postgresql95-server
      Next, you will need to edit the PostgreSQL-related configuration files.
  2. Stop the PostgreSQL service.
    sudo service postgresql-9.5 stop
    Next, you will edit the following PostgreSQL-related configuration files:
    • postgresql.conf: sets PostgreSQL to listen to a network interface instead of a socket.
    • pg_hba.conf: sets the permissions for the new connection type.
  3. Use the following command to access and open the property file:
    vi /var/lib/pgsql/9.5/data/postgresql.conf
    If the configuration file does not exist, this command will create it.
  4. Remove the commenting tag from the following line and appending the IP address of the Zoomdata server. (for example, you can set PostgreSQL to listen for connections on Localhost as well as a specific IP address):
    #CONNECTIONS AND AUTHENTICATION
    # - Connection Settings -
    listen_addresses = ' * '
    # what IP address(es) to listen on;
    # comma-separated list of addresses;
    # defaults to 'localhost'; use '*' for all
    # (change requires restart)
    #port = 5432
    • Using the * allows PG to bind all available network interfaces. Meaning, via localhost as well as specific IP addresses.
      Replace localhost and 123.456.7.890 with specific IP addresses.
    • Port 5432 is the default for PostgreSQL. If you use another port, make the necessary changes in PostgreSQL configurations to ensure that it is able to access the custom port.
  5. Edit the following property file:
    vi /var/lib/pgsql/9.5/data/pg_hba.conf
  6. Locate the following section and add the permission to set for the new connection type:
    # TYPE   DATABASE   USER   ADDRESS             METHOD
    # IPv4 local connections
    host   all        all 0.0.0.0 /0    md5
  7. Start PostgreSQL:
    sudo service postgresql-9.5 start
  8. Add an administrator that will have access privileges to PostgreSQL.
    postgresql-9.5 zoom --eval "db.createUser({user:' db_username ', pwd:' db_password ',roles:['readWrite']});"
    • Replace db_username and db_password with your specific username and password.
    • You will need to enter these credentials when setting up the Zoomdata instances.
    • Refer to PostgreSQL's documentation if you plan to use their failover procedure.
  9. To verify that the server is listening on port 5432 run the following command:
    ss -l -n | grep 5432
Other commands will work as well such as netstat -anlp|grep 5432 .

If connectivity is not working, proceed to run the following command to allow traffic via the firewall:

sudo firewall-cmd —permanent —zone=trusted —add-source=123.456.7.890/32
sudo firewall-cmd —permanent —zone=trusted —add-port=5432/tcp
sudo firewall-cmd —reload

Set Up Zoomdata Instances

  1. Install Zoomdata on each backend server.
    Ensure that you install the same Zoomdata version on each server.
  2. Stop all of the Zoomdata service(s).
    For the appropriate Linux command line, refer to the article Stopping Zoomdata Services .
  3. Use the following command to access and open the zoomdata.properties file.
    vi /etc/zoomdata/zoomdata.properties
    If the configuration file does not exist, this command will create it.
  4. Add the PostgreSQL parameters into the zoomdata.properties file. Copy these parameters from the article Install Zoomdata Manually, specifically, from the section ' Add the Default Metadata Parameters to the Zoomdata.Properties File '.
    Ensure that you have saved and exited zoomdata.properties file before continuing to the next step.
  5. Use the following command to access and open the scheduler.properties file.
    vi /etc/zoomdata/scheduler.properties
    If the configuration file does not exist, this command will create it.
  6. Add the PostgreSQL parameters into the scheduler.properties file. Copy these parameters from the article Install Zoomdata Manually, specifically, from the section ' Add the Default Metadata Parameters to the Scheduler Property File '.

Configure Zoomdata to Work with Your Load Balancer

The configuration guidance provided below is specifically for the Zoomdata service and not for your Load Balancer.
  1. Configure SSL certificates in each Zoomdata node. The keystore is managed in the zoomdata.properties file. For the parameters that should be added, refer to the article Adding an SSL Certificate to the Zoomdata Server .
    Ensure that both servers use the same keystore configuration. These parameters are Zoomdata defaults.
  2. Save and exit the configuration file.
  3. Restart all of the Zoomdata service(s).
    For the appropriate Linux command line, refer to the article Starting Zoomdata Services .

Configuration for using SAML

  1. Currently, Zoomdata SAML implementation does not support unencrypted channel between the proxy and back-end servers when the proxy is configured to use SSL. When you use SAML with a load balancer, the SAML assertions from the Zoomdata server must be received using the same protocol configured on the load balancer.
  2. On the load balancer,  configure the backend servers to use SSL as follows:
    backend zoom_app
    mode http
    balance leastconn
    cookie JSESSIONID prefix nocache
    timeout server 6000s
    server web01 10.2.2.20:8443 check cookie web01 ssl verify none
    server web02 10.2.2.211:8443 check cookie web02 ssl verify none
  3. Restart the load balancer:
    sudo service load_balancer_name restart

Testing Zoomdata Connectivity

To test Zoomdata connectivity, refer to the article Access Zoomdata from Your Web Browser .