Skip to content

Application Load Balancer

An Application Load Balancer distributes incoming traffic across multiple backend servers or virtual machines. It helps improve application availability, performance, and security by routing traffic and applying load balancing, TLS, firewall, and web application controls.

Definition

Use an Application Load Balancer when an application needs traffic distributed across backend members. The load balancer receives traffic through a virtual IP and port, then forwards it to backend members according to the configured service, load balancing method, and health monitor.

Features

Feature Description
Traffic distribution Distributes client requests across backend servers to avoid overload and improve availability.
Service support Supports services such as HTTP, HTTPS, TLS, and TCP.
SSL certificate management Lets you attach and manage SSL certificates for encrypted traffic. Certificates cannot be added to non-secure load balancers such as HTTP or TCP.
TLS termination Handles encryption and decryption at the load balancer.
Persistence methods Supports cookie persistence for HTTP/HTTPS, hash-based routing, and source address routing.
Connection reuse Reuses existing connections between the load balancer and backend servers, up to 1000 reuses and a maximum age of 24 hours. This is available only for HTTP/HTTPS load balancers.
Security controls Supports firewall rules, WAF, and blocked URIs.
Default certificates Secure services such as HTTPS, TLS, SMTPS, and FTPS receive a free self-signed certificate on creation.
Flexible IP management Supports public IPs and shared IPs.

Warning

Certificates cannot be attached to non-secure load balancers such as HTTP or TCP.

Use Cases

  • Keep web applications online by balancing traffic across backend servers.
  • Add backend servers as application traffic grows.
  • Terminate TLS, enforce firewall rules, and protect applications with WAF.
  • Share one load balancer across multiple applications while managing resources centrally.

Creating an Application Load Balancer

  1. Open Networking.
  2. Open App Load Balancers.
  3. Click Create.
  4. Fill in the load balancer settings.
  5. Submit the request.
Field Description
Tenant The tenant where the load balancer is created.
Business Group The business group that owns the load balancer.
Environment The target environment.
VPC The virtual cloud.
Name & Description Identification details for the load balancer.
Service The load balancer service, such as HTTP, HTTPS, TLS, or TCP.
Virtual IP & Port The VIP and port used to receive traffic.

Managing Members

  1. Open the created load balancer.
  2. Open the Members tab.
  3. Configure backend member settings.
Setting Description
Member Service Backend service type, such as HTTP, HTTPS, or TCP.
Load Balancing Method Round Robin, Least Connections, or Hash.
Health Monitor TCP, HTTP, or PING.
Connection Reuse Toggle connection reuse where the selected protocol supports it.

Managing Security

Control Description
Firewall Rules Define incoming and outgoing firewall rules.
WAF Protect HTTP/HTTPS applications against common web attacks such as SQL injection and cross-site scripting.
Blocked URIs Block unwanted paths or endpoints for HTTP/HTTPS load balancers.

Managing SSL Certificates

Secure load balancers receive a default self-signed certificate. To replace it:

  1. Open the load balancer.
  2. Open the SSL Certificates tab.
  3. Upload or select your certificate.
  4. Attach the certificate to the load balancer.

Note

HTTP/2 is configured for HTTPS load balancers only. HTTP/2 requires an associated SSL certificate and cannot be used with the SITE Cloud default certificate.

Custom SSL Configuration

Use custom SSL configuration only when your load balancer requires settings that differ from the default configuration.

  1. Submit a support request that describes the required custom settings, such as specific ciphers or protocols.
  2. Wait until the support team prepares the configuration.
  3. Return to the load balancer page.
  4. Open the SSL Certificates section.
  5. Use the Configuration dropdown.
  6. Select Custom.

Tip

Keep the Default configuration unless you have a specific requirement. Default settings are regularly updated for security practices and compatibility.

Managing Network Access

IP type When to use it
Public IP Address Use when the load balancer should accept incoming internet traffic.
Shared IP Address Use when access is needed within the cloud environment or across connected VPCs without exposing the load balancer to the internet.

FAQ

Can I edit the service after creating a load balancer?

No. The service type, such as HTTP, HTTPS, or TLS, cannot be changed after creation. Create a new load balancer if the service changes.

Why can't I attach a certificate to an HTTP or TCP load balancer?

Certificates are only supported on secure load balancers such as HTTPS or TLS.

What happens if I delete a load balancer member?

The load balancer immediately stops routing traffic to that server.

How do I perform SSL termination on the VM instead of the load balancer?

Create a TCP load balancer. In this mode, the load balancer forwards encrypted traffic directly to backend members without decrypting it.

How do I keep traffic encrypted from the client to the VM?

Attach an SSL certificate to the load balancer for client-to-load-balancer encryption, then configure backend members to use a secure service such as HTTPS or TLS.

Glossary

Term Meaning
VIP The virtual IP address assigned to the load balancer.
Members Backend servers or VMs that receive traffic from the load balancer.
Persistence Profile Configuration that keeps client requests routed to the same backend server.
TLS Termination Decrypting traffic at the load balancer before forwarding it to servers.
WAF Web Application Firewall.
Blocked URIs Paths denied through the load balancer.
Connection Reuse Reusing an open connection between the load balancer and backend servers.