Forum / NoMachine Cloud Server Products / Active/active clustering
Tagged: active clustering HAProxy
- This topic has 7 replies, 2 voices, and was last updated 1 day, 7 hours ago by
Britgirl.
-
AuthorPosts
-
April 16, 2025 at 16:45 #52674
Steve92
ParticipantHi!
Today, only active/passive clustering can be used with ECS V8.
Will active/active clustering be available with V9 ?
Regards,
Steve.
April 17, 2025 at 15:22 #52692Britgirl
KeymasterHi, in version 9 an Enterprise Cloud Server Cluster (ECSC) is a pair of Cloud Servers that work together to maintain high available access to the centralized infrastructure. Let me sum up how it will work. This is an active-active cluster where the cluster master and slave roles can be switched between the primary and secondary servers. The master is in charge of distributing client connections and the load of session negotiation and management between itself and the slave. The primary and secondary server constantly monitor each other, hence active/active. When one of the servers loses contact with the other one, it replaces the failed server. Sessions already managed by this working server remain connected and the failover is transparent for them. The management of sessions handled by the failed server is passed from the failed server to the working server. In that case, the sessions running on the remote nodes will be automatically reconnected to the working server.
April 17, 2025 at 20:54 #52702Steve92
ParticipantHi,
When, very approximatively, will V9 be released ?
We can’t wait for it and have to find a solution to get load balancing with v8.
Are ECS compatible with HAProxy solution in TCP (NX) mode ?
What third-party solution can handle load balancing between many ECS ?
Thanks,
Regards,
Steve.
April 23, 2025 at 13:55 #52765Britgirl
KeymasterECS provides internal loadbalancing of the connections between the primary/secondary server of the cluster pair. It does not loadbalance between separate ECS gateways. To do that, you can use any tool that load-balances at the router level e.g HA Proxy.
April 23, 2025 at 21:01 #52771Steve92
ParticipantHi!
The idea would be to use HAProxy to balance load on at least 2 ECS, without using “ECS Cluster” products since they run in active/passive mode, they don’t offer load balancing but only failover.
HAProxy uses PROXY protocol.
Does the implementation on the NoMachine ECS V8 support the PROXY protocol ?
If it doesn’t, from my understanding, it means that IP source addresses (!M Clients) will be unknown for the NoMachine ECS in cluster (they will only see IP add. of HAProxy).
It would be very annoying because we do need traceablity for some sensitive environments.
Would the alternative solution be to use SSH instead of NX (I found some documentation saying ssh servers support PROXY protocol) ?
SSH and NX are quite similar, so I hope NXserver support PROXY protocol too…
Could you please clarify that ?
Thanks,
Steve.
April 29, 2025 at 15:49 #52838Steve92
ParticipantHi!
I’m still very interested in this subject, it’s very important for the last part of the POC.
Q1 – Does ECS V8 support PROXY protocol with NX so ECS can see the IP address of the client (and not the address of HAProxy) ?
I’ve done some testing, it doesn’t seem with standard settings. Is there something to set to make it work ?
Q2 – Does ECS V8 support PROXY protocol with SSH ?
I’ve done some testing, it doesn’t seem with standard settings. Is there something to set to make it work ?
Q3 – Do we need to install mmproxy or better go-mmproxy on both ECS to allow them to communicate with HAProxy, using PROXY protocol ? With NX servers ? With SSH servers ?
Q4 -Have you ever test this configuration ? Is it used in big enterprises among your clients ?
___________________ ==> [ go-mmproxy + !M ECS-A ] ==>
!M Client ==> HAProxy ==|| ________________________ ||==> !M ED or SBTS
___________________ ==> [ go-mmproxy + !M ECS-B ] ==>
HAProxy balances the load between an ECS cluster with 2 members A & B and forwards IP adresses of the clients to the ECS servers thanks to “PROXY protocol”.
Thanks,
Regards,
Steve.
May 7, 2025 at 21:30 #52909Steve92
ParticipantHi,
While, I suppose, you enjoy your holidays 😉 , I did some testing.
Q1- I can confirm: NO with standard settings. Any solution with special settings ?
Q2- I can confirm: NO with standard settings. Any solution with special settings ?
Q3- YES, for both NX & SSH !
Q4- It works ! “go-mmproxy” (nice piece of open source) translates PROXY protocol (HAProxy) to standard NX or SSH and allows forwarding of the IP address of clients to ECS.
The only problem with NX (not SSH) is the warning box about authentication (see my other post).
!M logs show well the IP address of clients and not the one of HAProxy 🙂 .
Have you ever test this configuration ? Is it used in big enterprises among your clients ?
Regards,
Steve.
May 8, 2025 at 10:55 #52917Britgirl
KeymasterHi, we have tested with HAProxy, although not heavily. We aim to test a variety of third-party products to check that the NoMachine server can work out-of-the-box with NoMachine and that no special configuration is required on our side (https://kb.nomachine.com/DT04O00138). We cannot test all products on the market of course and for advanced configurations of these products, this is ultimately the responsibility of the customer or through a professional services contract. Our own previous tests have shown that 1. the client IP was not showing up, but rather the HA Proxy; 2. HAProxy on SSH works. It doen’t require any additional settings. If HAProxy has been configured to let terminal/console SSH connections work, SSH connections in NoMachine will work too; 3. we have not tested this mmproxy you mention, but it’s interesting to know that using it allows the client IP to show rather than the HAProxy IP. About what other customers are using, there have been a few cases of HAProxy, and also a number of others like Zscaler, Google Cloud Load Balancer (for web sessions in this case, https://kb.nomachine.com/AR03Q01019).
-
AuthorPosts
You must be logged in to reply to this topic. Please login here.