Reverse RAS mode for Operations Orchestration SSL

  • KM03100502
  • 21-Feb-2018
  • 21-Feb-2018

This document has not been formally reviewed for accuracy and is provided "as is" for your convenience.

Summary

Configuration about how Central cope with RAS worker groups

Question

We will use Reverse RAS mode for Operations Orchestration. Central will initiate the communication to the RAS (worker) servers. We will also have a loadbalancer in front of 2 central servers.

 

The admin UI users will communicate with https to the loadbalancer , then the LB will forward traffic encrypted to the Central servers (or possibly re-encrypted - decision to be made definitive later).

 

Now for the Central to RAS communications we will choose Reverse RAS mode. But we have some queries about this mode.

Which central server will actually initiate the communication to a RAS server ? (is there a master node concept for this ?)

How does Central cope with RAS worker groups. Does the central server keep track of which RAS server should be assigned a job ? Or does it assign to a RAS Worker group, and the members somehow manage themselves ?

 

So the reason for these questions :

The question is will the loadbalancer be completely bypassed in this communication and we will setup certificates for each central and each worker and configure all communications with SSL end to end ?

Or will we use http from central up to the LB, and the LB can encrypt going forward to the RAS ?

Answer

A central server will be designated to handle the task scheduling.(automatically)

The central will initiate conversation directly with the RAS server (so one SSL tunnel direct form central to ras, no loadbalancer)

If there is a RAS Worker group, the Central will track this, and if one RAS is unreactive Central will switch to another.

Central will distribute tasks across the Group. So even in Reverse RAS mode there is no need for the "legacy" v9.x "RAS load balancer" concept.