I read this architecture:
1. where its showing the relation between Internal FTP and DMZ FTP servers.
2.Saying about Session Replication and VIP.
One quick query:
I am planning to set this up with the help of NetScaler Load-Balancer. Whether my understanding is correct below ?
1. I will use one VIP and keep these two DMZ FTP servers into the group-pool/service-group. and over the Network will allow DMZ and Internal FTP servers to communicate. Whether this will be sufficient ?
2. Secondly, its saying about session replication: So, where the session-replication should be between the servers ? Incase I use Load-balancer for this task, whether that be ok ?
3. Or do you need to setup a virtual IP between the FTP servers level itself ?
The LB goes in front of the DMZ. The DMZ has session replication enabled...or if the LB is sticking sessions based on a cookie or IP, don't do session replication as its extra overhead and unnecessary.
The Internal servers have user replication and optionally session replication between them. Session replication is only good for HTTP session and doesn't help in the case for SFTP or FTP connections. So if you have a lot of that traffic, replicating sessions has little to no value.
If the LB failed over a user, they would need to re-authenticate is all.