Load Balancer Configuration
The following procedures describe how to connect and configure a load balancer for Control-M/EM, which enables you to provide continuous availability between Control-M Web and the Control-M Web Server:
Connecting a Load Balancer to Control-M/EM
This procedure describes how to connect a load balancer to an environment with multiple Distributed Control-M/EMcomponents. This configuration enables you to provide continuous availability between Control-M Web and the Control-M Web Server. Users access Control-M Web with the URL of the Load Balancer, which then distributes requests between the available Web Servers in the Distributed Control-M/EM environment. This ensures seamless connectivity even if one of the Web Servers are down or there are many simultaneous connections.
Begin
-
Create the following two reverse proxy servers in the load balancer configuration file, which lists the connected Control-M Web Server hosts.
-
HTTP: Server hostname.
-
HTTPS: Server fully qualified domain name (FQDN).
upstream <NginX machine name> {
server <EM URL>:<web port>;
server <EM URL>:<web port>;}
upstream <FQDN of NginX machine> {
server <EM URL FQDN>:<HTTPS port>;
server <EM URL FQDN>:<HTTPS port>;}
To use the BMC-provided certificate, you must take the CSR file from the load balancer server, copy it to the <EM_HOME>/ini/ssl/ directory, and sign it with the em_ssl_ca.pem and em_ssl_cert.pem files with OpenSSL. Then you must save the certificate in the load balancer configuration file. For an example of this type of configuration, see Configuring an NGINIX Load Balancer with a BMC-Provided Certificate.
-
-
Recycle the load balancer.
-
Navigate to the following directory:
-
Windows:<EM_HOME>\emweb\tomcat\conf\web.xml
-
UNIX: <EM_HOME>/etc/emweb/tomcat/conf/web.xml
-
-
Search for the string corsfilter.
-
Add the following parameters to the Control-M/EM primary machine:
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>one or more (comma-separated) https URL of load balancer server (including :port)</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,PUT,DELETE</param-value>>
</init-param>
The following block of XML code demonstrates the change in the web.xml file:
Copy<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>https://lb-web:3480,https://lb-aapi:3481</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,PUT,DELETE</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern> /* </url-pattern>
</filter-mapping> -
Recycle the Web Server.
Configuring an NGINIX Load Balancer with a BMC-Provided Certificate
This procedure describes how to configure an NGINIX Load Balancer with a BMC-provided certificate.
Begin
-
Log in to the NGINIX machine as a root user, create the openssl.cfg file, copy the following text to the file, and update the details according to your environment.
Copy[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C=US
ST=Texas
L=Houston
O=BMC Software Inc
OU=Control-M
emailAddress=[Your email address]
CN =[Your server FQDN]
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = [Your server FQDN] -
Run the following command to create a private key and a CSR file:
openssl req -new -sha256 -nodes -out request.csr -newkey rsa:2048 -keyout privatekey.pem -config openssl.cfg
The privatekey.pem and request.csr files are created.
-
Copy the private key to the following NGINIX directory:
/etc/pki/nginx/private/
-
From your Control-M/EM primary machine, navigate to the <EM_HOME>/ini/ssl/ directory and copy the following files to the NGINIX machine directory where the CSR file is created.
-
- em_ssl_ca.pem
-
- em_ssl_cert.pem
-
-
Run the OpenSSL command to sign your CSR file and move the file that is created to the following directory:
/etc/pki/nginx/