To provide load balancing for many clients, deploy multiple Agent Handlers in an Agent Handler group. If you have existing load-balancing hardware, place multiple Agent Handlers behind one or more load balancers.
If you use Secure Sockets Layer (SSL) for agent-to-server communications, the load balancers must be configured to
enable SSL traffic pass-through between the clients and Agent Handlers.
IMPORTANT: We recommend that you do
not close the Transport Layer Security (TLS) connection on the load balancer. This recommendation is primarily for performance reasons:
- There is extra load on the load balancer because it must decrypt the traffic.
- The Agent Handlers are not able to process unencrypted traffic. So, if the load balancer sends unencrypted traffic, the Agent Handler re-encrypts it using the proprietary SPIPE protocol used before ePO and MA supported TLS. This encryption places extra load on the Agent Handlers.
- When the load balancer re-encrypts the traffic before forwarding it to the Agent Handlers, it places more load on the load balancer.