Scenario Description

CSS integrates shared load balancers and allows you to bind public network access and enable the VPC Endpoint service. Dedicated load balancers provide more functions and higher performance than shared load balancers. This section describes how to connect a cluster to a dedicated load balancer.

Advantages of connecting a cluster to a dedicated load balancer:

A non-security cluster can also use capabilities of the Elastic Load Balance (ELB) service.
You can use customized certificates for HTTPS bidirectional authentication.
Seven-layer traffic monitoring and alarm configuration are supported, allowing you to view the cluster status at any time.

There are eight service forms for clusters in different security modes to connect to dedicated load balancers. Table 1 describes the ELB capabilities for the eight service forms. Table 2 describes the configurations for the eight service forms.

You are not advised connecting a load balancer that has been bound to a public IP address to a non-security cluster. Access from the public network using such a load balancer may bring security risks because non-security clusters can be accessed over HTTP without security authentication.

**Table 1** ELB capabilities for different clusters
Security Mode	Service Form Provided by ELB for External Systems	ELB Load Balancing	ELB Traffic Monitoring	ELB Two-way Authentication
Non-security	No authentication	Supported	Supported	Not supported
Non-security	One-way authentication Two-way authentication	Supported	Supported	Supported
Security mode + HTTP	Password authentication	Supported	Supported	Not supported
Security mode + HTTP	One-way authentication + Password authentication Two-way authentication + Password authentication	Supported	Supported	Supported
Security mode + HTTPS	One-way authentication + Password authentication Two-way authentication + Password authentication	Supported	Supported	Supported

**Table 2** Configuration for interconnecting different clusters with ELB
Security Mode	Service Form Provided by ELB for External Systems	ELB Listener			Backend Server Group
Security Mode	Service Form Provided by ELB for External Systems	Frontend Protocol	Port	SSL Parsing Mode	Backend Protocol	Health Check Port	Health Check Path
Non-security	No authentication	HTTP	9200	No authentication	HTTP	9200	/
	One-way authentication	HTTPS	9200	One-way authentication	HTTP	9200
	Two-way authentication	HTTPS	9200	Two-way authentication	HTTP	9200
Security mode + HTTP	Password authentication	HTTP	9200	No authentication	HTTP	9200	/_opendistro/_security/health
	One-way authentication + Password authentication	HTTPS	9200	One-way authentication	HTTP	9200
	Two-way authentication + Password authentication	HTTPS	9200	Two-way authentication	HTTP	9200
Security mode + HTTPS	One-way authentication + Password authentication	HTTPS	9200	One-way authentication	HTTPS	9200
Security mode + HTTPS	Two-way authentication + Password authentication	HTTPS	9200	Two-way authentication	HTTPS	9200

Parent topic: (Optional) Interconnecting with a Dedicated Load Balancer

Previous topic: (Optional) Interconnecting with a Dedicated Load Balancer

Next topic: Connecting to a Dedicated Load Balancer

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot