AWS Application Load Balancer (ALB)

Elastic Load Balancing automatically distributes your incoming traffic across multiple targets, such as EnginFrame or DCV sessions, in one or more Availability Zones. It monitors the health of its registered targets, and routes traffic only to the healthy targets. Elastic Load Balancing scales your load balancer as your incoming traffic changes over time. It can automatically scale to the vast majority of workloads.

Prerequisites

  • Availability Zones: You must select at least two subnets deployed in two distinct Availability Zones. The following restrictions apply:

    • Each subnet must be from a different Availability Zone.

    • To ensure that your load balancer can scale properly, verify that each Availability Zone subnet for your load balancer has a CIDR block with at least a /27 bitmask (for example, 10.0.0.0/27) and at least 8 free IP addresses. Your load balancer uses these IP addresses to establish connections with the targets.

  • Security Groups: The rules for the security groups that are associated with your load balancer must allow traffic in both directions on both the listener and the health check ports. Whenever you add a listener to a load balancer or update the health check port for a target group, you must review your security group rules to ensure that they allow traffic on the new port in both directions.

  • SSL Certificate (HTTPS only):

    To use an HTTPS listener, you must deploy at least one SSL/TLS server certificate on your load balancer. The load balancer uses a server certificate to terminate the front-end connection and then decrypt requests from clients before sending them to the targets. The load balancer requires X.509 certificates (SSL/TLS server certificates). Certificates are a digital form of identification issued by a certificate authority (CA).

    We recommend that you create certificates for your load balancer using AWS Certificate Manager (ACM). For more information, see:

Doc
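
The subnet and security group prerequisites above can be verified before the load balancer is created. The following Python check is an added example, not CCME or AWS code: the subnet records use the field names of the EC2 DescribeSubnets output, while the simplified rule format, the sample values and the use of 18443 as the health check port are assumptions.

```python
import ipaddress

def check_subnets(subnets):
    """Return the prerequisite violations for the subnets chosen for the ALB."""
    problems = []
    if len(subnets) < 2:
        problems.append("fewer than two subnets selected")
    az_owner = {}
    for s in subnets:
        sid, az = s["SubnetId"], s["AvailabilityZone"]
        if az in az_owner:
            problems.append(f"{sid}: same Availability Zone as {az_owner[az]} ({az})")
        az_owner.setdefault(az, sid)
        # A longer prefix than /27 means a smaller block than the page requires.
        if ipaddress.ip_network(s["CidrBlock"]).prefixlen > 27:
            problems.append(f"{sid}: {s['CidrBlock']} is smaller than /27")
        if s["AvailableIpAddressCount"] < 8:
            problems.append(f"{sid}: only {s['AvailableIpAddressCount']} free IP addresses")
    return problems

def port_allowed(rules, direction, port):
    """True if any rule in the given direction covers the TCP port."""
    for r in rules:
        if r["direction"] != direction:
            continue
        if r["protocol"] == "-1":  # "-1" is how AWS writes "all protocols"
            return True
        if r["protocol"] == "tcp" and r["from_port"] <= port <= r["to_port"]:
            return True
    return False

def check_security_group(rules, ports):
    """Return the (direction, port) pairs that the rules do not allow."""
    return [(d, p) for p in sorted(set(ports))
            for d in ("ingress", "egress") if not port_allowed(rules, d, p)]

# Constructed sample data, not taken from a real account.
SUBNETS = [
    {"SubnetId": "subnet-aaa", "AvailabilityZone": "eu-west-1a",
     "CidrBlock": "10.0.0.0/27", "AvailableIpAddressCount": 20},
    {"SubnetId": "subnet-bbb", "AvailabilityZone": "eu-west-1a",
     "CidrBlock": "10.0.0.32/28", "AvailableIpAddressCount": 5},
]
RULES = [  # simplified rule format (assumption), one dict per rule
    {"direction": "ingress", "protocol": "tcp", "from_port": 443, "to_port": 443},
    {"direction": "egress", "protocol": "tcp", "from_port": 18443, "to_port": 18443},
]

if __name__ == "__main__":
    for p in check_subnets(SUBNETS):
        print("subnet:", p)
    # Listener port 443; health check port assumed to be the EnginFrame port 18443.
    for direction, port in check_security_group(RULES, [443, 18443]):
        print(f"security group: {direction} not allowed on tcp/{port}")
```

Run it again with the new port list whenever a listener is added or a target group's health check port changes, since the prerequisite applies to every such port.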

Configuration

Listeners

A listener is a process that checks for connection requests, using the protocol and port that you configure. The rules that you define for a listener determine how the load balancer routes requests to its registered targets.

Default CCME Application Load Balancer (ALB) listener configuration:

  • Protocol: tcp

  • From: 0.0.0.0/0

  • Port: 443

AWS documentation:

Target groups

Each target group is used to route requests to one or more registered targets. When you create each listener rule, you specify a target group and conditions. When a rule condition is met, traffic is forwarded to the corresponding target group.

Parameters:

  • Health path

  • Instance ID

  • Feature port

For each new headnode or compute node, CCME receives a signal to create new target group(s), depending on the enabled node features.

Rules

The rules that you define for your listener determine how the load balancer routes requests to the targets in one or more target groups. Each rule consists of a priority, one or more actions, and one or more conditions.

For each new headnode or compute node, CCME receives a signal to create new rule(s), depending on the enabled node features.

  • CCME HeadNode

    • EnginFrame: HPC web portal

      # If OIDC is used as authentication method for EnginFrame
      type: Authenticate-oidc
      Data:
        Issuer
        AuthorizationEndpoint
        TokenEndpoint
        UserInfoEndpoint
        ClientId
        ClientSecret
        SessionCookieName

      # Forward the web portal in any case
      type: Forward
      url: "https://${alb_url}/${cluster_name}/portal/"
      port: "18443"

    • DCV: Remote visualization

      type: Forward
      url: "https://${alb_url}/dcv-${instance_id}/"
      port: "8443"

  • CCME Compute Nodes

    • DCV: Remote visualization (if enabled)

      type: Forward
      url: "https://${alb_url}/dcv-${instance_id}/"
      port: "8443"

  • CCME Windows visualization Nodes

    • DCV: Remote visualization

      type: Forward
      url: "https://${alb_url}/dcv-${instance_id}/"
      port: "8443"