HaCluster is a Load-balancer service dedicated for Artica Proxy that allows you to build a pool of internet access resource. Here all main features:
¶ Dedicated Load-balancing service for HTTP proxies
The HaCluster feature is designed to build a pool of clustered proxies with a load-balancing service. The Pool of proxy can be connected to the Active Directory Service with Kerberosmethod and/or can using transparent method.
The first one is the load balancer. The load-balancer drive clusters parameters in order to link them in the pool. It receives requests events in central mode for monitoring and troubleshooting.
The second is an Artica Proxy act that can be a master clusters. The Master cluster is designed to store proxy settings and rules and provide the set of configurations to the slave. In this case when the administrator modifies something on the master cluster all other nodes will get automatically modified settings (each 15 minutes).
The cluster client is designed to replicate the same configuration.
HaCluster provides the possibility to distribute the load on proxies in connected mode and/or in transparent mode. This allows it to offer a mixed infrastructure including both Active Directory-connected workstations and nodes without having proxy settings in the browsers.
Since the infrastructure consists of a load-balancer and a proxy farm, you need to install at least 2 or 3 Artica servers, all of which have an enterprise license.
Install the HaCluster feature The load-balancer drive clusters parameters in order to link them in the pool. It receives requests events in central mode for monitoring and troubleshooting.
¶ Add/remove/configure backends inside the Proxies farm.
Adding nodes to a cluster farm has been simplified as much as possible while still maintaining a high level of secure communication between nodes. You can install an Artica node using the ISO or by cloning the virtual machine. HaCluster then automatically links the remote server, configures it, and gets it ready for production use as quickly as possible.
Your 3 servers (the load balancer and the 2 Artica servers as proxy) must have a valid Artica server license.
DNS load-balancing backend service for proxies Artica provides an integrated DNS load-balancing system specifically designed to optimize and accelerate DNS queries generated by local backend proxy servers
About the License If you have a Gold license, it’s automatically shared with all nodes in the cluster farm. This way, you don’t waste time managing a license across your farm.
¶ The Master server ( central cluster configurator )
Define the Master Cluster. The Master Cluster is one Artica server that holds the configuration set. It's on this server that you need to administer the proxy settings so that the farm replicates the settings on the clones.
The HaCluster product can act as a powerful DNS load-balancer by leveraging its built-in proxy farm. With this configuration, DNS requests from client workstations are intelligently distributed across multiple proxy backends, ensuring high availability, improved performance, and redundancy.
Turn on the Hacluster DNS feature HaCluster monitors the health of each proxy and automatically routes queries to the most responsive servers, providing a reliable and scalable DNS resolution service for your network.
DNS Farm Monitoring with HaCluster HaCluster provides built-in capabilities to monitor and manage your DNS proxy farm in load-balancing mode
Central Web-filtering error page. When your backends use web filtering, your users are redirected to an error page if a website is blocked. By default, this error page is hosted on each backend on port 9025/9026. With HaCluster, you can centralize the handling of these error page requests.
Define the balance method methods used to load-balance proxies : Lowest connection, Round-Robin, Strict hashed ip
Automatic detection and load investigation. Most balancers detect an overloaded node by connecting to a listening port and then, calculate the response time. In many cases, especially with proxy technology, this is not enough. Artica Agents installed on each proxy will report the real state of servers load
Manage Health Checks HaCluster uses the method of polling your backend servers by attempting to request a statistics report from the proxy service at a set interval.
HaCluster is compatible with Microsoft Active Directory 2008, 2012, 2016, 2019, 2022 It uses the Kerberos method to identify with your Active Directory. The objective is as follows: The Load-balancing service is the single point that provides the initialization of the Kerberos session.
Backend proxies use the token produced for the Load-balancer to identify credentials sent by browsers. This means that you must also allow proxies to connect to your Active Directory.
HaCluster has features to centralize legal records from web proxy services registered in the farm. Proxy server logs contain the requests made by users and applications on your network. This does not only include the most obvious part : web site request by users but also application or service requests made to the internet (for example application updates).
Centralized logs with HaCluster When connecting a new backend to the HaCluster, it is automatically defined to send relatime access events using syslog to the HaCluster Load-balancer service.
Monitor haCluster and backends You can monitor 3 types of events, the balancing service, user requests on the farm and the status of the backend servers.
Forward relatime events to a SIEM/log sink HaCluster is able to receive real-time request events from different backend proxies and to consolidate them. It is also able to retransmit this consolidation to a log sink or a SIEM
Incompatible NAT to the load balancer When the Artica Load-balancer send order, the Artica Proxy client retrieve the Load-balancer IP from the SSL connection. This IP address not be masqueraded by a firewall. If it is the case, Artica Proxy clients will try to communicate directly with the firewall instead of the load-balancer. (If you need this feature, please contact the support to evaluate required development.)