Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Possible to Use AWS Load Balancers in Front of a NiFi Cluster

Labels:
avatar
author-rank davehkd
Contributor

Created ‎09-13-2023 04:31 AM

Is it possible, or does it make sense to use AWS Load Balancers in front of a NiFi Cluster?

We are running a 3 node nifi cluster using v 1.19.1 on aws and I wanted to see if it is possible, or makes sense to use an AWS Load Balancer(s) in front of the nifi cluster.

Any guidance, suggestions would be tremendously appreciated.

794 Views
0 Kudos
2 ACCEPTED SOLUTIONS

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎09-14-2023 11:24 AM

@davehkd 
Of your NiFi cluster is secured you'll need to make sure that the load balancer is configured with sticky sessions (also known as session persistence).  This is needed because NiFi authentication (except certificate based mutual TLS authentication) issues a client and server side token.  The issued client token gets passed by the client (browser) with every subsequent request made to NiFi.  The corresponding server side token only exists on the specific NiFi node that handled the authentication.  So if your LB routes subsequent requests to a different node, authentication will fail for that request.

Many users setup LBs in front of NiFi so there is one URL that can direct to any number of nodes in the NiFi cluster that are all capable fo handling authentication and authorization.  This ensures ease of access for example when a node in the cluster is down.


If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

 

View solution in original post

774 Views
0 Kudos

avatar
author-rank davehkd
Contributor

Created ‎09-18-2023 04:37 AM

Thanks Matt!

View solution in original post

746 Views
0 Kudos
2 REPLIES 2

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎09-14-2023 11:24 AM

@davehkd 
Of your NiFi cluster is secured you'll need to make sure that the load balancer is configured with sticky sessions (also known as session persistence).  This is needed because NiFi authentication (except certificate based mutual TLS authentication) issues a client and server side token.  The issued client token gets passed by the client (browser) with every subsequent request made to NiFi.  The corresponding server side token only exists on the specific NiFi node that handled the authentication.  So if your LB routes subsequent requests to a different node, authentication will fail for that request.

Many users setup LBs in front of NiFi so there is one URL that can direct to any number of nodes in the NiFi cluster that are all capable fo handling authentication and authorization.  This ensures ease of access for example when a node in the cluster is down.


If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

 
775 Views
0 Kudos

avatar
author-rank davehkd
Contributor

Created ‎09-18-2023 04:37 AM

Thanks Matt!

747 Views
0 Kudos
Announcements
What's New @ Cloudera
Updates to the HDFS clusters on AWS environments to add supp...
What's New @ Cloudera
Enhancements to the create-database command
Community Announcements
September 2024 Community Highlights
What's New @ Cloudera
Cloudera Streams Messaging Operator 1.1
What's New @ Cloudera
From Silos to Synergy: Unifying Data Warehousing and AI
View More Announcements