This section describes the additional steps required to successfully create a load-balanced Hyland IdP server environment. These steps must be completed on each IdP server in the load-balanced environment.
The following considerations need to be accounted for before attempting to load balance the servers:
- Each server in the load-balanced environment should use the same idpconfig.json file. If a single, shared file cannot be used, the idpconfig.json files must be exactly the same between servers. In a default installation, the idpconfig.json file is located on each server at C:\Program Files\Hyland\identityprovider.
- The identity running the application pool for each Hyland IdP server must have Modify access to the idpconfig.json file.
- The same keyfile directory, used for encrypting and decrypting cookies, tokens, and other values, must be accessible to all Hyland IdP servers in the load-balanced environment.
- The identity running the application pool for each Hyland IdP server must have Modify access to the keyfile location.
- The settings configured in the appsettings.json file of each Hyland IdP server must match all other Hyland IdP servers in the environment. In a default installation, the appsettings.json file is located on each server at C:\Program Files\Hyland\identityprovider\config.
  Note: Unlike the idpconfig.json file, a single appsettings.json file cannot be moved to a common location for all Hyland IdP servers to use. It is a best practice to configure a single Hyland IdP server for load balancing, then overwrite the appsettings.json file on each other server with a copy of the same correctly configured appsettings.json file.
- The same signing and encryption certificates need to be installed to the Personal Store under LocalMachine on each Hyland IdP server in the load-balanced environment. The identity running the application pool for each Hyland IdP server must have Read access to the private keys of the signing and encryption certificates.
- As of 3.0.1, in load-balanced environments using SSL termination or when the Hyland IdP server is deployed behind a proxy server, you must properly configure the X-Forwarded-Host and X-Forwarded-Proto headers in the proxy server or load balancer, depending on your environment. For more information on configuring these headers, consult the Microsoft documentation.
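The following PowerShell sketch is an added example, not part of the Hyland documentation or product. It compares the two configuration files and the certificate installation across servers so that drift is caught before the servers are placed behind the load balancer. It assumes PowerShell remoting is enabled, that every server uses the default installation paths listed above, and that the server names and thumbprints shown are placeholders you replace.

```powershell
# Hypothetical server names and placeholder thumbprints: replace with your own.
$Servers     = 'IDP01', 'IDP02'
$Thumbprints = '<SIGNING-CERT-THUMBPRINT>', '<ENCRYPTION-CERT-THUMBPRINT>'
# Default installation paths, as listed in the considerations above.
$Files = 'C:\Program Files\Hyland\identityprovider\idpconfig.json',
         'C:\Program Files\Hyland\identityprovider\config\appsettings.json'

# Runs on each server: hash the config files and look up the certificates
# in the LocalMachine Personal store.
$probe = {
    param($Files, $Thumbprints)
    foreach ($f in $Files) {
        $hash = if (Test-Path -LiteralPath $f) {
            (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        } else { 'MISSING' }
        [pscustomobject]@{ Kind = 'File'; Item = $f; Value = $hash }
    }
    foreach ($t in $Thumbprints) {
        $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object Thumbprint -eq $t
        $state = if (-not $cert) { 'MISSING' }
                 elseif (-not $cert.HasPrivateKey) { 'NO PRIVATE KEY' }
                 else { 'OK' }
        [pscustomobject]@{ Kind = 'Cert'; Item = $t; Value = $state }
    }
}

$results = Invoke-Command -ComputerName $Servers -ScriptBlock $probe `
    -ArgumentList $Files, $Thumbprints

# A file must hash identically on every server; a certificate must be
# present with its private key on every server.
$report = foreach ($g in ($results | Group-Object Kind, Item)) {
    $values  = @($g.Group.Value | Sort-Object -Unique)
    $uniform = $values.Count -eq 1 -and $g.Count -eq $Servers.Count
    $ok = if ($g.Group[0].Kind -eq 'File') {
        $uniform -and $values[0] -ne 'MISSING'
    } else {
        $uniform -and $values[0] -eq 'OK'
    }
    [pscustomobject]@{
        Kind = $g.Group[0].Kind; Item = $g.Group[0].Item; Consistent = $ok
        PerServer = ($g.Group |
            ForEach-Object { "$($_.PSComputerName)=$($_.Value)" }) -join '; '
    }
}
$report | Format-List
```

This check does not confirm that the application pool identity has Modify access to idpconfig.json and the keyfile location or Read access to the certificate private keys; verify those permissions separately on each server.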
To configure a Hyland IdP server for load balancing: