Load Balancing Issuing CAs

  • Thread starter Thread starter Max
  • Start date Start date
M

Max

I'm running two Windows 2003 Issuing CAs with two separate Windows
2003 Web Enrollment servers. I want to know if its possible to load
balance the Issuing CAs behind the Web Enrollment servers. I have
searched for a documented method of accomplishing this, but have not
found any example where this has been done.

I don't know if this is even possible, as during the installation of a
Web Enrollment server, there are two boxes on the configuration step
of the install where the CA that the Web Enrollment Server is directed
towards is specified. The first box being "Computer name" and the
second is a drop-down box where you enter the "CA". Filling in only
the virtual IP of the load balancer into "Computer Name" and clicking
Next brings the error "Please make sure there is a running CA on the
computer". Basically, it looks like the computer or IP address that
is entered in the top box must have a CA on it which will then appear
in the drop-down box.

Is it possible to have a Web Enrollment Server point towards a Load
Balancer that will distribute requests to multiple Issuing CAs? If
so, how?
 
maxroberts1 said:
pecified. The first box being "Computer name" and the
second is a drop-down box where you enter the "CA". Filling in only
the virtual IP of the load balancer into "Computer Name" and clicking
Next brings the error "Please make sure there is a running CA on the
computer". Basically, it looks like the computer or IP address that
is entered in the top box must have a CA on it which will then appear
in the drop-down box.

Is it possible to have a Web Enrollment Server point towards a Load
Balancer that will distribute requests to multiple Issuing CAs? If
so, how?
Click to expand...
Load Balancing, Clustering, etc. is not supported for Certificate
SErvices. The only known solution is a solution from Unisys running on
Data Center edition ($$$$$$$$$$$$$$$$$$$$$$$$$$$)

Brian
 
Why it this? Are load-balancing and high-availability not seen as
important for certificate services? Or are there plans to include
this support in future versions?
 
Back
Top