Use the following steps to complete load balancing configuration for the Cert Proxy service (Android SSO using TLS mutual authentication).

Procedure

  1. Creating Application Profile — The default Layer 4 profile can be used (System-L4-application).
  2. Creating TCP Profile: For creating TCP/UDP, navigate to Templates > Profiles > TCP/UDP and click Create.


  3. Creating Health Monitor
    1. To create a custom health monitor, navigate to Templates > Profiles > Health Monitors.
    2. Click Create.


    3. Click Save.
  4. Creating Persistence Profile.
    1. To create the persistence profile, navigate to Templates > Profiles > Persistence .
    2. Click Create.
    3. In the New Persistence Profile screen, update the details and click Save.
  5. Creating IP group: You can use the same profile that was created in the IDM horizon service section.
  6. Creating Server SSL Profile: You can use same profile that we created above in IDM horizon service section.
  7. Creating Pool
    1. To create the pool, navigate to Applications > Pools.
    2. Select the Create Pool option.
    3. Enter the details as shown in the section below (for the respective services).
    4. To bind the monitor, click on Add under Health Monitor and select the custom monitors that were created in the previous step.
    5. Select the Enable SSL and select the server SSL profile that was created in the previous step. Click Next.
    6. In the Servers tab, select the IP group of the servers that we created above.
    7. Click Save.




  8. Creating Virtual Service
    1. You can use Avi Load Balancer VIP sharing capability, for creating virtual service for various service components. For more information, see How to share a single VIP across multiple virtual services.
    2. Navigate to Applications > Virtual Services and select Create Virtual Service > Advanced Setup.
    3. Under VIP Address, click Switch to Advanced. For the option under Virtual Service for VIP sharing, select the L7 virtual service that was created for the IDM Horizon service as shown in the screenshot below: