How to configure BlackBerry Social Networking Application Proxy load balancing using Apache

Article ID: KB22989

Type: Support Content

Last Modified: 12-15-2011

 

Product(s) Affected:

  • BlackBerry Social Networking Application Proxy
  • BlackBerry Client for IBM Lotus Quickr
  • BlackBerry Client for IBM Connections
CollapseEnvironment
  • BlackBerry® Client for IBM® Lotus® Connections
  • BlackBerry® Client for IBM® Lotus® Quickr
  • BlackBerry® Social Networking Application Proxy
CollapseOverview

Load balancing is one of the ways to increase the number of concurrent client connections to the application server. There are two types of load balancers that can be used.

  1. Hardware load balancer
  2. Software load balancer

The scope of this document is to provide steps for load balancing the multiple instances of the BlackBerry Social Networking Application Proxy Service deployed on Tomcat servers using software load balancer. There are several commercial and non-commercial software load balancers available in the market that can used for load balancing Tomcat server; however we will use Apache HTTP Server 2.2 and Mod_JK module with AJP protocol.

The Apache HTTP Server is scalable web server that can accept the user requests and sends them to balanced instances of Tomcat server using the Mod_jk module in between. The Mod_jk module has an integrated virtual load balancer worker that can contain any number of physical workers or particular physical nodes. Each of the nodes can have its own balance factor or worker's quota (lbfactor). The Lbfactor is how much we expect this worker to work in other words, workers's work quota. To setup the round robin (symmetric) topology as it’s shown in this document set equivalent lbfactor for all nodes serving as part of load balancer configuration.


Table of Contents:

  1. BlackBerry® Social Networking Application Proxy Installation and Configuration
  2. Feed Reader Configuration
  3. Apache HTTP Server 2.2 Installation and Configuration
  4. Update IT Policy Rules for Client setup

1 - BlackBerry® Social Networking Application Proxy Installation and Configuration

  1. Follow the BlackBerry® Social Networking Application Proxy installation guide to install Social Networking Application Proxy service for node1 and node2. Skip this step if the BlackBerry Social Networking Application Proxy has already been installed on targeted nodes.
  2. Find server.xml located under “C:\Program Files\Research In Motion\BlackBerry\SNAP\snap_tomcat\conf\“ directory for all BlackBerry Social Networking Application Proxy service nodes.
  3. Modify server.xml as per following instructions. Follow the same instructions for every additional node in the cluster.
    • Node 1:
        <Engine defaultHost="localhost" jvmRoute="node1" name="Catalina">
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"></Connector>
    • Node 2:
      <Engine defaultHost="localhost" jvmRoute="node2" name="Catalina">
      <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"></Connector>
  4. Restart BlackBerry Social Networking Application Proxy Services on all nodes.

2 - Feed Reader Configuration

The Feed Reader Service should not run in a load balancing environment, therefore all BlackBerry Social Networking Application Proxy nodes should point to one active Feed Reader service. The following steps describe how to configure Feed Reader for snap nodes that are running in clustered environment.

Select the Feed Reader Service installed on node1 or node2 to be the active Feed Reader service.

Note: You must have only one Feed Reader active among all nodes in the clustered environment, therefore it is advised to stop Windows “BlackBerry SNAP FeedReader” service on all other nodes
  1. Log on to node1 using https://<node1_SNAP_server_name>:22443/snapconsole
  2. Under IBM® Lotus® Connections panel
  3. Repeat step 2 for Node2 BlackBerry Social Networking Application Proxy server (https://<node2_SNAP_server_name>:22443/snapconsole) and every BlackBerry Social Networking Application Proxy node in the cluster
  4. Restart BlackBerry Social Networking Application Proxy Services from each and every node in the cluster.

3 - Apache HTTP Server 2.2 Installation and Configuration

The following configuration for Apache HTTP Server 2.2 and Apache MOD_JK module is to perform weighted round-robin load balancing with sticky sessions between two BlackBerry Social Networking Application Proxy Services; node1 and node2 over the AJP protocol.

  1. Download and install Apache 2.2.x http server from Apache Foundation website (http://httpd.apache.org/download.cgi)
  2. Download openSSL (usually Apache 2.2 installation includes OpenSSL.exe) from http://gnuwin32.sourceforge.net/packages/openssl.htm
  3. Add or update workers.properties file located under <Apache 2.2 home directory>/conf/ directory (Example: C:/Program Files/Apache Software Foundation/Apache2.2/conf/). The following is the template shows configuration of two nodes.

    # Define list of workers that will be use for mapping requests
    worker.list=node1,node2,loadbalancer
    #Define Node1
    worker.node1.port=8009
    worker.node1.host=<node1 SNAP server IP / DNS name>
    worker.node1.type=ajp13
    worker.node1.lbfactor=1

    #Define Node2
    worker.node2.port=8009 # Set 8010 if SNAP installed on same server machine
    worker.node2.host=<node2 SNAP server IP / DNS name>
    worker.node2.type=ajp13
    worker.node2.lbfactor=1

    #Load-balancing behavior
    worker.loadbalancer.type=lb
    worker.loadbalancer.balanced_workers=node1,node2
    #1= always forward user’s request to the same server
    worker.loadbalancer.sticky_session=1

  4. Use openSSL to generate a certificate <loadbalancer_servername>.cer for Apache 2.2 Server (Load Balancer) and store it under the <Apache 2.2 home directory>/conf/ directory. Refer to the openSSL reference guide for generating the certificate.
  5. Use openSSL to generate the private key <loadbalancer_servername>.key for Apache 2.2 Server (Load Balancer) and store it under the <Apache 2.2 home directory>/conf/ directory. Refer to the openSSL reference guide for generating the key.
  6. Use following instructions to add httpd-ssl.conf file for SSL setup in Apache 2.2 server. The file needs to be stored under the <Apache 2.2 home directory>/conf/ directory.

    #### SSL Configuration (httpd-ssl.conf) ####

    Listen 443
    SSLEngine on
    SSLOptions +StrictRequire
    SSLProtocol -all +TLSv1 +SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
    SSLMutex default

    SSLSessionCache "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache"
    SSLSessionCacheTimeout 600

    # ### Certificate File #####
    SSLCertificateFile “C:/Program Files/Apache Software Foundation/Apache2.2
    /conf/<loadbalancing_servername>.cer“
    # ### Key File (use openssl) #####
    SSLCertificateKeyFile “C:/Program Files/Apache Software Foundation/Apache2.2
    /conf/ <loadbalancing_servername >.key“
    SSLVerifyClient none
    SSLProxyEngine off

    <IfModule mime.c>
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    </IfModule>

    #######################################

  7. Find httpd.conf file located under the <Apache2.2 home directory>/conf/ directory.
  8. Update httpd.conf file by adding following instructions for SSL.
    :
    :
    #Load SSL module
    LoadModule ssl_module modules/mod_ssl.so
    :
    :
    #Secure (SSL/TLS) connections
    Include “C:/Program Files/Apache Software Foundation/Apache2.2/conf/httpd-ssl.conf”
    :
    :
  9. Download mod_jk.so if the file does not exist in the <Apache2.2 home directory>/modules/ directory
  10. Update httpd.conf file by adding following instructions for mod_jk module.

    :
    :
    #### JK_MODULE ####
    LoadModule jk_module modules/mod_jk.so

    ####Set JKWorker File ###
    JkWorkersFile “C:/Program Files/Apache Software Foundation/Apache2.2/conf/workers.properties”
    JkShmFile logs/mod_jk.shm #shared memory file
    JkLogFile logs/mod_jk.log

    ## log level [debug/error/info] ##
    JkLogLevel info
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

    # Mount point from a context to a Tomcat worker
    JkMount /lcs-250 loadbalancer
    JkMount /lcs-250/* loadbalancer

    JkMount /pbstws loadbalancer
    JkMount /pbstws/* loadbalancer

    JkMount /lcsClient loadbalancer
    JkMount /lcsClient/* loadbalancer

    JkMount /snapconsole loadbalancer
    JkMount /snapconsole/* loadbalancer
    #######################################
    :
    :

  11. Restart Apache 2.2 HTTP Server.

4 - Update IT Policy Rules for Client setup

Configure the following IT Policy rule to set up the load balancer URL https://<loadbalancer_servername>/lcs-250/services from the RIM Value Added Applications policy group.

  • BlackBerry Social Networking Application Proxy URL for Lotus Connections

For complete instructions refer to BlackBerry® Administration Service section of the BlackBerry Social Networking Application Proxy product documentation.

CollapseAdditional Information

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.