Riva Insight Load Balancing Requirements

For a Highly Available (HA) configuration — with an internal load balancer and multiple servers — and a Disaster Recovery (DR) strategy, a Riva Insight installation on-premises has the following requirements.

• Network Layer Requirements
   
  • For Active/Active configurations:
    • Recommended: Layer 7 Load balancing with cookie-based sticky sessions; certificates & session "stickiness" can be configured in the load balancer. This also allows the servers themselves to use local certificates.
    • Alternative: Layer 3 or 4 Load balancing with IP-based sticky sessions; 
      • Note: For sticky sessions, for best performance, ensure the session duration of at least 24 hours for the best user experience.
    • Both servers should share the same machine key.  This can be found in the ASP.NET web.config.
    • The certificate goes on the load balancer, not the servers.
    • Use Redis for session management (the use of the ASP.NET State Service for Riva Insight is no longer supported).
       
  • For Active/Passive configurations:
    • A NAT configuration with appropriate network probes.
       
• Health Checks
   
  • Health checks are required to determine if the host is available.
    • For basic health checks, using a TCP:433 
    • For more advanced deployments use the following endpoints /health.check or the /versionInfo.json
       
• Security
   
  • In some load balancer configurations,  the front-end URL is configured for HTTPS and traffic is routed to the the internal servers (IIS).
    • When the internal servers are configured to NOT use SSL, this will create challenges with Riva Insight as the internal servers will recognize that the site is not running on HTTPS/SSL.
      Therefore, the authentication cookies will not be secure.
    • The cookies will not be sent back to the client browser as the browser expects the secure cookies, while the server created the 'Not Secure' cookies.
      Without the secure cookies, the authentication session cannot be validated and the user is sent back to the login page.
       
  • To have Riva Insight run within this load balancer configuration, there are two options:
     
    • Option 1:
      • Have the internal servers configured with HTTPS (and SSL Certs)
      • Have the load balancer forward the traffic to the HTTPS sites (urls)
         
    • Option 2:
      • Upgrade Riva Insight Server to version 2023.1.8.9668 or higher;
      • Add the following key to ~\Insight\App_Data\AppSettings.xml:

Insight.UseSecureConnectionForLB = true

Considerations:

• What type of Load Balancing technology is being utilized?
• What are the recovery expectations? If using an Active/Active setup, recovery time could be 0 minutes.

See also:

• Riva On-Premise backup and DR strategy.
• DR procedures.

Adding the X-Forwarded-For (Original Client IP) to the IIS Server Logs

Powershell

This is the PowerShell command to add X-Forwarded-For header at the server level.

Add-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.applicationHost/sites/siteDefaults/logFile/customFields" -name "." -value @{logFieldName='X-Forwarded-For';sourceName='X-Forwarded-For';sourceType='RequestHeader'}

Add X-Forwarded-For column in IIS 8.5 and newer versions

Custom logging became easier to configure with the IIS 8.5. Follow the steps below to add X-Forwarded-For column into IIS logs.

1. Open IIS Manager
2. On server, site or application level, double click “Logging”
3. Click “Select Fields“
4. In “W3C Logging Fields” window, click “Add Field“
5. In the “Add Custom Field” window, fill out the following fields
   • Field Name: X-Forwarded-For, Source type: Request Header, Source: X-Forwarded-For
6. Click “OK” in both open windows
7. Click “Apply” in the actions pane

Tags: help Related Articles: Attachment: Status: Published MainAdvanced KBPublisher 7.0.2