Configuring the Web Interface › Web Directors and Web Engines Configuration › How Web Director Handles User Sessions › How to Set Up Web Director in an SSL Environment
How to Set Up Web Director in an SSL Environment
Consider the following information if one or more of the web engines associated with a web director are configured with UseDirector AfterLogin, and the rest of the web engines are configured with UseDirector BeforeLogin:
- UseDirector AfterLogin—When a web director receives a request, it determines the web engine most willing to handle the request, but only selects from the web engines with UseDirector AfterLogin. For login, the web director considers web engines with a willingness of zero. When a web engine configured with UseDirector AfterLogin receives a request (either by referral from the web engine or by a user directly accessing its URL), it authenticates the user by whatever method is configured in the user access type. After the user is authenticated, the web engine asks the web director for a referral, and the web director again selects a web engine, this time from all web engines associated with it, and configured with UseDirector BeforeLogin (except the web engines with a willingness of zero). When the authenticating web engine receives the referral, it transfers the session to the recommended web engine.
- UseDirector BeforeLogin—If a user in this environment attempts direct access to a web engine configured with UseDirector BeforeLogin, the web engine sends a message to the web director asking for a referral. The web director responds with a referral to a web engine configured with UseDirector AfterLogin, and the original web engine transfers the request to the recommended web engine.
To set up web director in an SSL environment, we recommend that you configure one HTTP server for secure sockets, and associate a single web engine with that server as follows:
- Read and understand how web director handles sessions.
- Configure the single web engine with UseDirector AfterLogin and WillingnessValue 0.
- Configure one or more additional web engines to connect with a second HTTP server that uses standard HTTP protocol.
- Configure these web engines with UseDirector BeforeLogin and WillingnessValues appropriate to the relative capacity of their host computers.
The web director can direct all logins to the secure server (because servers with willingness zero are still eligible for login), but refers the rest of the session to one of the other web engines.