You can configure any SSL-aware load balancer (physical or virtual) to act as load balancing software with Single Sign-On, increasing availability.

You define four paths in the load balancer configuration, one for each Single Sign-On interface: STS, Group Check, Lookup Service (all high availability nodes), and the SSO Admin SDK (primary node only). Sensitive information such as passwords are passed to and from vCenter Single Sign-On. Configure the Apache HTTPD software for SSL and use only SSL ports as proxies to the Single Sign-On server.

Note

This is provided as an example of configuring your load balancing software using Apache HTTPD. Other load balancers will be configured in a different way.

Verify that you have two Single Sign-On nodes and Apache HTTPD set up as a load balancer. For information about setting up your load balancing software, see KB article 2034157.

Define the paths, configure the proxy-related and load balancer-related directives.

Add the VirtualHost entry at the end of the httpd-ssl.conf file, or you can update an existing VirtualHost entry.

Note

You might encounter errors using 64-bit Microsoft Windows operating systems. Update the following value in the conf/extra/httpd-ssl.conf file: SSLSessionCache "shmcb:C:/PROGRA\~2/Apache Software Foundation/Apache2.2/logs/ssl_scache (5120000)