FlyteComm wanted to put the map tile servers under that same RSA SecurID gateway as the ASP .NET servers but the company's server infrastructure did not allow that plus there were known scalability issues. To demonstrate to IT there was a better way, I setup a VMWare virtualized system to prototype a better server infrastructure. The system consisted of:
- SSL termination servers (Apache) with RSA Web Agents that forwarded requests to a set of
- Layer 7 reverse HAProxy servers that then load-balanced a
- set of ASP .NET and map tile servers.
Used CentOS for all the virtualize servers. The SSL Apache servers were round-robin balanced using dynamic DNS. The HAProxies used auto-failover via wackamole/spread. Session affinity was a must and the HAProxies were setup to deal with that. Got everything working except we found out that ASP .NET didn't understand the standard
X-forwarded... HTTP headers used by layer 7 reverse proxies and there was no way in IIS 6 to make that happen without a lot of .NET code changes or by upgrading all the existing ASP .NET servers to IIS 7. The company was unwilling to invest the resources to do either. So, the new web infrastructure never made it to production even though everyone agreed it was a much better way to go in the long run.