Using external Load Balancer
Application Load Balancing (Layer 7)
This page provides information about recommended ways to use sessions with a Layer 7 load-balancer.
Most load-balancers have the ability to provide cookies for pinning subsequent traffic from a client to the appropriate server. This method is called sticky session, session persistence or session affinity. Using cookies efficiently requires the client to know when a cookie should be sent, should not be sent or should be deleted.
Sticky session load balancing
Each MetaDefender Core instance has its own databases and application sessions that cannot be seen by other instances. Therefore, in order to get the related data/response to our queries we should ask the appropriate MetaDefender Core v5 server. On the other hand, to keep the advantages of the used load balancing method, cookies should not be sent if it is not necessary.
Single file scanning
| Step | Stage | Task | Cookie usage |
|---|---|---|---|
| 1. | Sending file | Initiate processing a file on the client side. Send file through the load-balancer. (See POST File AnalysisAPI) | Cookie should not be sent |
| 2. | Sending file | Save the cookie and the data_id you got from the load-balancer | Save cookie |
| 3. | Getting result | Request result related to data_id saved in step 2. (See GET File AnalysisAPI) | Send cookie saved in step 2 |
| 4. | Getting result | If processing is in progress (See GET File AnalysisAPI), wait a little while and repeat step 3. | Send cookie saved in step 2 |
Batch scanning
| Step | Stage | Task | Cookie usage |
|---|---|---|---|
| 1. | Open batch | Initiate processing file(s) in batch. Request a batch ID through the load-balancer. (See POST Initiate BatchAPI) | Cookie should not be sent |
| 2. | Open batch | Save the cookie and the batch_id you got from a Core server through the load-balancer. | Save cookie |
| 3. | Sending files | Send file through the load-balancer. (See POST File Analysis (using batch header)API) | Send cookie saved in step 2 |
| 4. | Sending files | Save the data_id you got from the load-balancer. | - |
| Sending files | Status/result of scanning of sent files can be queried: (See GET File AnalysisAPI) | Send cookie saved in step 2 | |
| 5. | Sending files | Repeat step 3-4. with files wanted to be in the same batch. | - |
| 6. | Getting batch status | See GET Batch StatusAPI | Send cookie saved in step 2 |
| 7. | Close batch | Tell the server that no more files will be sent to this batch. (See POST Close BatchAPI). (This will only be successful if all the files sent to the batch have been processed already. Repeat this step until batch is closed.) | Send cookie saved in step 2 |
| 8. | Getting results | Request results related to batch ID saved in step 2. (See GET Download Batch Signed ResultAPI | Send cookie saved in step 2 |
If it does not matter which upstream server responds, the queries should be sent without cookie.
It is recommended not to send cookies when it's not necessary to allow load-balancer to use its own method to share the load between MetaDefender Core v5 servers.
Limitations, additional notes
Using load-balancing between MetaDefender Core servers does not support:
- Global scan history
- Core server administration through load-balancer
OPSWAT products that support HTTP load balanced MetaDefender Cores
| Product name | Minimum version | Further information |
|---|---|---|
| MetaDefender Kiosk | 4.3.4 | - |
| OPSWAT Client | Windows: 7.6.247.0 Mac: 10.4.243.0 | - |
| MetaDefender Email Security | 4.3.0 | - |
| MetaDefender ICAP Server | 4.3.0 | - |
| MetaDefender Vault | 1.3.0 | - |
| MetaDefender for Secure Storage | 2.0.7 | - |
DNS Load Balancing
Using this method is logically similar to Layer 7 load-balancing.
Briefly how it works
Client uses a domain name to send a query to a server. Client's DNS server has more "A" records for that name with different IPs. When a client resolves the server's domain name DNS server randomly chooses an IP for that name to send back. When a session is used on the application layer, client should know the IP address of the Core server that handles that specific session. In every other case, client should resolve the domain name with DNS query to let requests to be balanced between MetaDefender Core servers.
Single file scanning
| Step | Stage | Task | Addressing |
|---|---|---|---|
| 1. | Choose a Core server by using DNS load balancing | Resolve the Core servers' common domain name. | Use domain name |
| 2. | Choose a Core server by using DNS load balancing | Save the IP gotten from the DNS server. | Save the IP |
| 3. | Sending file | Initiate processing a file on the client side. (See POST File AnalysisAPI) | Use IP saved in step 2 |
| 4. | Sending file | Save the data_id got from the Core server | - |
| 5. | Getting result | Request result related to data_id saved in step 2. (See GET File AnalysisAPI) | Use IP saved in step 2 |
| 6. | Getting result | If processing is in progress (See GET File AnalysisAPI), wait a little while and repeat step 3. | Use IP saved in step 2 |
Batch scanning
| Step | Stage | Task | Addressing |
|---|---|---|---|
| 1. | Choose a Core server by using DNS load balancing | Resolve the Core servers' common domain name. | Use domain name |
| 2. | Choose a Core server by using DNS load balancing | Save the IP gotten from the DNS server. | Save the IP |
| 3. | Open batch | Initiate processing file(s) in batch. Request a batch ID. (See POST Initiate BatchAPI) | Use IP saved in step 2 |
| 4. | Sending files | Send file to the specific Core server with the basch ID saved in step 3. (See POST File Analysis (using batch header)API) | Use IP saved in step 2 |
| 5. | Sending files | Save the data_id you got from the Core server. | - |
| 6. | Sending files | Status/result of scanning of sent files can be queried: (See GET File AnalysisAPI) | Use IP saved in step 2 |
| 7. | Sending files | Repeat step 3-4. with files wanted to be in the same batch. | - |
| 8. | Getting batch status | See GET Batch StatusAPI | Use IP saved in step 2 |
| 9. | Close batch | Tell the server that no more files will be sent to this batch. (See POST Close BatchAPI). (This will only be successful if all the files sent to the batch have been processed already. Repeat this step until batch is closed.) | Use IP saved in step 2 |
| 10. | Getting results | Request results related to batch ID saved in step 2. (See GET Download Batch Signed ResultAPI). | Use IP saved in step 2 |
Limitations, additional notes
Using load-balancing between MetaDefender Core servers does not support:
- Global scan history
- Core server administration via DNS load-balancing
OPSWAT products that support DNS load balanced MetaDefender Cores
| Product name | Minimum version | Further information |
|---|---|---|
| MetaDefender Kiosk | does not support yet | - |
| MetaDefender Client | does not support yet | - |
| MetaDefender Email Security | does not support yet | - |
| MetaDefender ICAP Server | does not support yet | - |
| MetaDefender Vault | does not support yet | - |