Configure load balancing, SSL termination at the reverse proxies, and FQDNs for the BlackBerry Proxy servers
If BlackBerry Proxy servers are not using BlackBerry Dynamics Direct Connect, and are therefore accessed only through the BlackBerry Infrastructure, additional network configuration is not required.
If BlackBerry Proxy servers are using Direct Connect, third-party network appliances must be configured for the incoming connections from devices and containers. Security-sensitive customers may set up a configuration that uses SSL Termination at a Reverse Proxy. For best performance and minimum latency, the suggested configuration uses a global traffic manager with two external FQDNs (one for each BlackBerry Proxy cluster) and a local traffic manager for load balancing within each BlackBerry Proxy cluster.
- Configure each BlackBerry Proxy server at the primary site as Direct Connect = Yes, with a Host Name that is the first external public FQDN (for example, cluster1.external.org.com). Leave Web Proxy = No, and leave Proxy Host and Proxy Port blank.
- Configure each BlackBerry Proxy server at the secondary site as Direct Connect = Yes, with a Host Name that is the second external public FQDN (for example, cluster2.external.org.com). Leave Web Proxy = No, and leave Proxy Host and Proxy Port blank.
- Set up the two FQDNs to point to the endpoints or servers that resolve to the BlackBerry Proxy cluster servers at the corresponding primary and secondary sites. A global traffic manager configuration will allow both FQDNs to always be reachable, with one FQDN responding quickly with a connection failure when one site is down. Using two FQDNs serves two purposes. It allows the search algorithm of the client library (SDK) to know when the primary site is not reachable, and that it is therefore using the BlackBerry Proxy cluster at the secondary site. It also allows the endpoints (for example, virtual IP addresses) to be set up so that when a site is down, attempted connections to the corresponding FQDN will result in a fast fail instead of long TCP connection timeouts.
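
One way to verify the fast-fail behavior described above from an external network, as an added example that is not BlackBerry's code. The FQDNs are the page's examples; the port is passed on the command line, and the 2-second fast-fail threshold and 10-second timeout are assumptions to adjust.

```python
import socket
import sys
import time

def classify(connected, elapsed_s, fast_fail_s):
    """Map a connect attempt to the behaviour the two-FQDN design expects."""
    if connected:
        return "reachable"
    # A site that is down should refuse or reset quickly, not hang.
    return "fast-fail" if elapsed_s <= fast_fail_s else "slow-timeout"

def probe(host, port, timeout_s=10.0, fast_fail_s=2.0):
    """Resolve host, attempt one TCP connect, and classify the outcome."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"  # both FQDNs must always resolve
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout_s):
            connected = True
    except OSError:  # refused, reset, unreachable, or timed out
        connected = False
    return classify(connected, time.monotonic() - start, fast_fail_s)

def check_sites(fqdns, port, **kw):
    """Probe each cluster FQDN and list the ones that break the design."""
    results = {fqdn: probe(fqdn, port, **kw) for fqdn in fqdns}
    problems = [f for f, r in results.items()
                if r in ("unresolved", "slow-timeout")]
    return results, problems

if __name__ == "__main__":
    # Usage: python check_sites.py <direct-connect-port>
    # The port is whatever your reverse proxy or VIP listens on (assumption).
    port = int(sys.argv[1])
    results, problems = check_sites(
        ["cluster1.external.org.com", "cluster2.external.org.com"], port)
    for fqdn, state in results.items():
        print(f"{fqdn}:{port} -> {state}")
    sys.exit(1 if problems else 0)
```

Run it once with both sites up and once during a planned failover test: the FQDN of the site that is down should report `fast-fail`, never `slow-timeout` or `unresolved`.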