Tuesday, 12 January 2010
Using Lotus Sametime Connect client in a load-balanced Sametime server environment
Following a client's recent experiences, I'm pleased to report that it appears to be possible to have a Sametime Connect client ( actually the Sametime 8.0.2 client within the Notes 8.5.1 client ) authenticate with a clustered Domino server via a load balancer.
Whilst the Sametime client itself does not allow the load balancer's hostname to be entered ( it assumes that the hostname is actually that of a Domino server ), there is a useful circumvention, documented in SPR PMIA6A9MMW: -
SPR# PMIA6A9MMW - When a notes client connects to a Domino server part of the protocol exchange includes the notes client telling the server what it thinks the server's name is. If the names do not match, the connection is terminated. This mechanism is part of the code which supports partitioned servers running on the same IP address.
However, because of this algorithm, we cannot use network sprayers in front of Domino servers. When a Notes client uses a Network Sprayer address as a Domino server address, the network sprayer may make the final connection to any of the Domino servers behind it. If the name supplied by the client is not the Domino server name of the selected server, the connection will be broken.
This fix provides a mechanism to skip the server name checking to allow this configuration to work.
NOTE: This mechanism is suitable ONLY if the database being accessed is available on all the Domino servers being sprayed to! This is only true for very constrained configurations. For example - Sametime Servers that want to use SSO, or clusters in which all accessed databases have replicas on all servers! There are many configurations in which this feature will not work.
To enable this feature, on each of the Domino servers behind the network sprayer add NETWORK_SPRAYER_ADDRESS=sprayer to notes.ini. Where "sprayer" is * * to match any name, or the DNS or HOST file name of the sprayer itself, or a comma separated list of names.
However, because of this algorithm, we cannot use network sprayers in front of Domino servers. When a Notes client uses a Network Sprayer address as a Domino server address, the network sprayer may make the final connection to any of the Domino servers behind it. If the name supplied by the client is not the Domino server name of the selected server, the connection will be broken.
This fix provides a mechanism to skip the server name checking to allow this configuration to work.
NOTE: This mechanism is suitable ONLY if the database being accessed is available on all the Domino servers being sprayed to! This is only true for very constrained configurations. For example - Sametime Servers that want to use SSO, or clusters in which all accessed databases have replicas on all servers! There are many configurations in which this feature will not work.
To enable this feature, on each of the Domino servers behind the network sprayer add NETWORK_SPRAYER_ADDRESS=sprayer to notes.ini. Where "sprayer" is * * to match any name, or the DNS or HOST file name of the sprayer itself, or a comma separated list of names.
This is further documented in this Technote.
Subscribe to Posts [Atom]