Hi,

As promised I tell you about my experience with loadbalancing x2go.

I had first tried to use the default loadbalancing setup of x2go broker. It was working fine except that the Windows client was not connecting to the https broker (due to a bug in the client). It has been fixed quickly and I thank the development team for their reactivity.

In the meanwhile, I had looked up alternative solutions and here is what I set up :

The broker is a simple HAProxy loadbalancer configured for ssh connections balancing. For us it listens on port 10000 and dispatches ssh/tcp connections over 2 x2go servers on ports 22 (the default ssh port !). The balancing algorithm is based upon source ip hashing : It gives returning users a chance to be sent to the same x2go server next time and have the possibility to resume a suspended session (better than round-robin).

Advantages of that solution :
- x2go servers are not exposed to the outside world and there is no need to open ports on the firewall for each x2go server : You only need to open ports for the loadbalancer, which you can put in your dmz.
- HAProxy cares to dispatch connections only to x2go servers that are up (timeout configuration).
- Authentication is only made once on x2go servers (they are configured with ldap_pam).
- No need to install a session broker agent on x2go servers.

Drawbacks :
- When a user connects with a different public ip, he wont probably be sent to the same x2go server where he could have a suspended session.
- Authentication is not made by the loadbalancer so there aren't acl management as with the regular x2go broker.
- Every connections transit through the loadbalancer so there might be a little overhead. HAProxy is pretty optimized though and it is not noticeable.

I join hereby the HAProxy configuration file I am using.

It really works fine for us. I hope it will be useful to others.

Best regards,

Thierry

--

Thierry KAUFFMANN

Chef du service informatique (SIF)

Tél : +33 4 67 14 31 58

Mail : Thierry.Kauffmann@univ-montp2.fr

CC 437 - Place Eugène Bataillon. 34095 Montpellier Cedex 5 - FRANCE.

www.fdsweb.univ-montp2.fr

FACULTÉ DES SCIENCES / UNIVERSITÉ MONTPELLIER 2