Live chat
+44 (0)330 380 1064

What do you need load balancing for?

"We've been using load balancers from Loadbalancer.org on our high traffic web application since 2004 - and never had a single failure. The hardware and software has performed flawlessly for over 10 years. It was easy to setup and has been easy to maintain. And the support has been fantastic. I have no reservations recommending this product to anyone who needs a HA load balancer solution."

Brook Davies

Logiforms Software

Load Balancing Microsoft IIS

Microsoft Internet Information Services (IIS) is a high performance, flexible web server created by Microsoft for use with Windows. In order for web sites to remain available, IT managers will need to configure IIS server load balancing. Loadbalancer.org supports Microsoft IIS with all common load balancing methods, incorporating numerous modifications and customisations to suit your requirements and can be deployed physically, virtually or in the cloud. Whatever your preference, we’ll ensure that your deployment is suited for your environment.

Example HTTPS deployment illustrating SSL termination, WAF traffic inspection and SSL re-encryption.

Protocols and load balancing methods for Microsoft IIS

Protocol Port Load balancing methods
HTTP 80

Layer 7 SNAT (Recommended) Using Reverse Proxy mode is the easiest and most flexible load balancing method, offering advanced URL switching, cookie insertion and WAF capabilities.

Layer 4 DR Direct Routing has the advantage of being fully transparent and seriously fast but requires solving the arp problem.

Layer 4 NAT Traditional NAT mode gives easy to implement fast and transparent load balancing but usually requires a two-arm configuration (two subnets).


HTTPS 443

All load balancing methods can be easily configured for SSL Pass-through.


This has the advantage of being fast, secure and easy to maintain. Identical SSL certificates will need to exist on each of your backend servers for pass-through security.


SSL Termination or off-loading must be used when advanced Layer 7 functionality such as cookies or URL switching is required. You can also implement SNI if you have multiple domain certificates one one public IP address. Optional re-encryption is also available between the load balancer and IIS.

FTP 20,21

All load balancing methods can be easily configured for FTP. However the original design of FTP did not work well with firewalls so it was modified to add a special PASV (Passive) mode. If you are load balancing FTP we recommend that you configure PASV on the FTP server, or use Layer 4 NAT mode which handles the issue automatically.

SFTP 21 All load balancing methods can be easily configured for SFTP.

FAQs

  • How do we get the client source IP address in our web server logs?

    There are several ways to solve the transparency issue with a load balancer.
    - Layer 4 (HTTP & HTTPS): This is source IP address transparent by default.
    - Layer 7 (HTTP): Change the logging behaviour in IIS to show the XFF header.
    - Layer 7 (HTTP & HTTPS): Enable Proxy Protocol and XFF.
    - Only if all else fails then Layer 7 with two-arm TPROXY is fully transparent

  • My application can’t do persistence/session affinity, how can the load balancer help?

    When applications are not ‘state aware’ this could result in issues with traffic mixing between hosts during the same session. Persistence can be added by the load balancer, meaning continuity can be maintained and ensure the client remains connected to the same real server.
    - Layer 4: Source IP address.
    - Layer 7: HTTP Cookie.
    - Layer 7: Application Cookie.
    - Layer 7: SSL Session ID.
    - Layer 7: Source IP.
    - Layer 7: HTTP Cookie and Source IP.
    - Layer 7: X-Forwarded-For and Source IP (Recommended for WAF).

  • I have to run a legacy application which cannot support the required cipher list required by my security team. Can you help with that?

    If an application cannot support a required SSL cipher list (i.e. legacy application), creating an SSL Termination VIP on the load balancer could help. This also provides a single place to manage security settings and SSL certificates. (SSL Termination is not normally advised unless explicitly necessary as it can affect scalability.)

  • What can I do to protect my website from Cross-site scripting (XSS) and SQL injection attacks?

    With the Web Application Firewall (WAF) users will be protected with the OWASP Top 10 rules which keeps the service PCI compliant and you can configure extra security rules if you need to.

Surely you must have a question?