Project and Portfolio Management Practitioners Forum
cancel

PPM Integration with hardware load balancer

SOLVED
Go to solution
Highlighted
EngPlan
Super Contributor.

PPM Integration with hardware load balancer

I am attempting to integrate a hardware load balancer for https:// communications with PPM.  I have a certificate loaded on the device (a Citrix NetScaler) and a certificate loaded in the PPM directory on the Linux server.  I am unable to get any secure communications even if I change the port settings in the server.conf to use 8443.  Has anyone ever attempted this type of integration before? 

14 REPLIES
Jim Esler
Acclaimed Contributor.
Solution

Re: PPM Integration with hardware load balancer

We use an F5 switch as a front end. It accepts https connections and forwards decrypted packets to PPM on the port configured in server.conf. We did not add any certificates on the PPM server and PPM knows nothing about the encryption processes used between the users and the switch. My understanding is that PPM does not support https. Details are described in the Installation and Administration Guide.

EngPlan
Super Contributor.

Re: PPM Integration with hardware load balancer

Thanks Jim.  I did get our load balancer to work finally, without using any certificates.  Unfortunately, the installation manuals are very vague when it comes to h/w load balancer usage with PPM vice an external web server.  Now, my only issues are that when I attempt to access the work bench, I cannot get to it, nor can I get a web page when I log off PPM.

Jim Esler
Acclaimed Contributor.

Re: PPM Integration with hardware load balancer

In order to access the workbench, you need to make one more change: in server.conf change the BASE_URL to specify the https URL supported by the switch. Be sure to run kUpdateHtml.sh after making this change.

EngPlan
Super Contributor.

Re: PPM Integration with hardware load balancer

Jim...Thanks loads!!!  changing the BASE_URL to the correct secure port was the issue.  After I made the change, I was able to successfully log in to PPM under a secure site, open Work bench without and issue and close it.  I am now at the point where everything is fine except for logging off PPM.  When I log out, the app takes me to a page that says:

 

Internet Explorer cannot display the webpage

 

Jim Esler
Acclaimed Contributor.

Re: PPM Integration with hardware load balancer

What URL is it trying to display? You may have an old login page URL cached somewhere. Try stopping PPM and clearing the tmp and work directories in each instance ($PPM_HOME/server/<instance>/tmp and $PPM_HOME/server/<instance>/work), then restart the instances.

EngPlan
Super Contributor.

Re: PPM Integration with hardware load balancer

Jim,

 

I did remove the directories on both clustered servers and then restarted PPM.  I still had the same issue. 

 

When I log in on the secure site, I get this URL for the login page

(https://gppm.[rest of FQDN]/itg/dashboard/app/portal/PageView.jsp),

but when I log out of the secure instance, I get this URL

(https://gppm.[rest of FQDN]/itg/web/knta/global/Logout.jsp). 

 

Remeber in this instance, the NetScaler device (load balancer) is taking care of the secure login.

 

If I log in using the non-secure site, I use this URL

(http://gates.[rest of FQDN]:8080/itg/dashboard/app/portal/PageView.jsp)

and when I log out it returns this URL

(http://gates.[rest of FQDN]:8080/itg/web/knta/global/Logon.jsp).

 

Any other suggestions?  Appreciate your assistance thus far....thanks.

Jim Esler
Acclaimed Contributor.

Re: PPM Integration with hardware load balancer

What happens when you open a new IE window and enter the URL https://gppm.[rest of FQDN]/itg/web/knta/global/Logout.jsp? It should just redirect you to the Logon.jsp page.

EngPlan
Super Contributor.

Re: PPM Integration with hardware load balancer

No, it does not.  Returns the same page.

Jim Esler
Acclaimed Contributor.

Re: PPM Integration with hardware load balancer

In our configuration, the load balancer handles only the encryption/decryption functions and routes the unencrypted traffic to/from PPM. PPM is handling the login functions. I am not sure what you mean when you say the load balancer is handling the secure login. If the load balancer sees the session terminated, though, maybe it is refusing to send traffic to the Logout.jsp script after the session is ended. Just a guess on my part, though.

EngPlan
Super Contributor.

Re: PPM Integration with hardware load balancer

Sorry, I guess I should have said it that way.  Out load balancer does exactly the same as yours.  handles all the encryption to/from the clients.  On the backend, it send the data to/from PPM unencrypted.  PPM does handle the login and logout.

Jim Esler
Acclaimed Contributor.

Re: PPM Integration with hardware load balancer

What version of IE are you using. This has worked for us with IE 6, 7 and 8.

 

What version of PPM are you using? We are at 7.5 SP7 and have not tried this with 8.0 or 9.1.

EngPlan
Super Contributor.

Re: PPM Integration with hardware load balancer

PPM v9.11 using IE 7.0

Hp PPM
Valued Contributor.

Re: PPM Integration with hardware load balancer

I have gone through this full conversation and i did all these thing however hardware load balancer F5 is not working for me.

We have linux server and ppm 9.14.

 

I checked admin conf document and just vague steps.

 

I have added base url in server.conf and make sure F5 mapping to correct HTTP_PORT on PPM.

Do we need to do anymore setting?

 

thanks
Rahul

Hp PPM
Valued Contributor.

Re: PPM Integration with hardware load balancer

Resolution

ssl parameter was not activated in load balancer tool.