20.1 Cluster Overview

The SSL VPN servers in a cluster share a common configuration and are managed from a single administration console. The servers are configured to balance load and to handle failover. When a member of the SSL VPN cluster fails, the user sessions are transparently failed over to another SSL VPN server that is healthy. An SSL VPN tunnel is affected if the server that is serving the SSL VPN tunnel goes down. A cluster can be set up to function with an L4 server or the Access Gateway to handle load balancing. You can have a cluster of servers in both HTTP and HTTPS.

Using L4 for Clustering: In this approach, the SSL VPN cluster is placed behind an L4 server. If the tunnel IP address configured in the administration console is the virtual IP address of the L4 server, additional load balancing is done at this level. When a user is authenticated, all the members of the cluster are informed, so that the cluster members can handle failover. For more information on configuring the L4 server, see Configuration Tips for the L4 Switch in the Novell Access Manager 3.1 SP1 Setup Guide.

Using Access Gateway for Clustering: In a direct connection, the client contacts the tunneling component directly, at an address that could be a NAT IP address, rather than through the L4 switch. In this approach, load balancing of the SSL VPN servers is achieved with the help of Access Gateway clusters. The client establishes a connection with the first tunnel. For more information, see Section 23.0, Clustering SSL VPNs By Using Access Gateway and Without L4.