Load Balancer
Load Balancer
In a Thinfinity® Workspace deployment, the Load Balancer serves as the central distribution point for all inbound traffic. In cloud environments, it ensures high availability, efficient session distribution, and continuous health monitoring of backend instances.
Key Functions
Traffic Distribution: Implements load balancing of HTTPS/TLS traffic across multiple Thinfinity Gateway instances employing defined routing algorithms to enhance resource efficiency and eliminate single points of failure.High Availability: Continuously monitors the health status of Gateway nodes using health check mechanisms and dynamically reroutes network traffic away from degraded or non-responsive nodes to operational Gateways, ensuring uninterrupted service continuity.Secure Termination: Handles TLS session termination at the network edge, with configurable re-encryption to backend Gateways aligned with security policies to uphold end-to-end data confidentiality.Session Management: Facilitates persistent WSS connections, supporting long-duration sessions necessary for Thinfinity Workspace functionalities.Health Monitoring: Conducts ongoing health assessments of Gateway and Broker instances utilizing active and passive probing methods to validate operational integrity and maintain session stability.
Best Practices
Configure HTTPS listeners with TLS 1.2 and TLS 1.3 as minimum versions.
Utilize valid, trusted digital certificates, ensuring they are renewed and updated periodically.
Enable WebSocket support by allowing HTTP/1.1 upgrade requests and 101
Switching Protocolsresponses.Set liberal timeout durations (minimum of 30 to 60 minutes) for sustained, long-lived sessions.
Enable per-node health checks on
/__health__/endpoints for both gateways and brokers.In high concurrency deployment scenarios, verify Network Address Translation (NAT) capacity and connection throughput limits to prevent port exhaustion.
Listener
Protocol
HTTPS
Secure listener for all inbound traffic.
Port
443
Standard HTTPS port.
Use SSL Certificate
TRUE
TLS termination required.
Certificate
VDI.domain.com (example)
Replace with valid, trusted certificate for Thinfinity domain.
Backend Set
Configuration
Private IP Address
Targets the Thinfinity Gateway pool.
Protocol
HTTP
Traffic is re-encrypted or proxied to gateways over port 9443.
Port
9443
Thinfinity Gateway HTTPS listener.
Traffic Distribution
Weighted Round Robin
Evenly distributes sessions across gateways.
Session Persistence
Disabled
No sticky sessions required; WebSocket tunnels maintain persistence.
Backend Instances
Instance 1
Thinfinity Gateway 1 – (IP TBD)
Backend gateway node.
Instance 2
Thinfinity Gateway 2 – (IP TBD)
Backend gateway node.
Instance N
Thinfinity Gateway N – (IP TBD)
Backend gateway node.
Health Check
Protocol
HTTP
Lightweight health check protocol.
Port
9443
Matches the backend listener port. The default port can be changed.
Path (URL)
/__health__/
Thinfinity health-check endpoint.
Interval
5000 ms (5 seconds)
Frequency of health checks.
Timeout
3000 ms (3 seconds)
Time to wait before considering a check failed.
Retry Attempts
3
Number of failed checks before marking instances unhealthy.
Expected Response Code
200
Successful health check response.
This configuration is based on the parameters for the OCI (Oracle Cloud Infrastructure) load balancer.While other vendors (like AWS, Azure, etc.) may have different options or use different labels, the core configuration principles are the same. If you have questions about a specific vendor, or if your provider is not covered in our documentation, please contact our support team for assistance.
Summary
The Load Balancer functions as a vital element within the network infrastructure. It enforces encryption through secure TLS protocols, performs intelligent session distribution via advanced routing algorithms, and continuously monitors backend server health metrics. These mechanisms collectively establish a robust, high-availability access layer optimized for performance and reliability.
Last updated
Was this helpful?