AWS ELB Deployment Best Practices for Cloudmersive Private Cloud
1/3/2025 - Cloudmersive Support


Below is a step-by-step guide on how to configure an AWS Elastic Load Balancer (ELB) for a Cloudmersive Private Cloud deployment running on two nodes. This article will cover creating the load balancer, adding the two Cloudmersive Private Cloud nodes as targets, configuring a health check for the /virus/status endpoint, and choosing between HTTP (port 80) and HTTPS (port 443).


1. Prerequisites

  1. Cloudmersive Private Cloud Deployment: You should have two running Cloudmersive Private Cloud nodes (VM instances or containers) that are ready to receive traffic.
  2. AWS Account: You need access to the AWS Management Console with permission to create and configure Load Balancers and Target Groups.
  3. Security Groups: Ensure that the security groups for your Cloudmersive nodes allow inbound traffic from the load balancer on the necessary ports (80 for HTTP, and/or 443 for HTTPS).

2. Choose Between HTTP (Port 80) and HTTPS (Port 443)

When creating a load balancer, you have two main protocols to choose from for incoming traffic:

  • HTTP (Port 80): Traffic is not encrypted. Usually used for testing or internal network use only.
  • HTTPS (Port 443): Traffic is encrypted using SSL/TLS. Recommended for production environments, as it provides security in transit.

Tip: If you choose to use HTTPS on port 443, you must have a valid SSL/TLS certificate uploaded to AWS Certificate Manager (ACM) or available in IAM (for Classic Load Balancer) that you can associate with the load balancer listener.


3. Create an Application Load Balancer

The following instructions detail how to create an Application Load Balancer (ALB). You can also use a Classic Load Balancer, but ALB is recommended for modern deployments and greater flexibility.

  1. Sign in to the AWS Management Console and open the EC2 service.
  2. In the left navigation pane, select Load Balancers under the “Load Balancing” section.
  3. Click Create Load Balancer.
  4. Choose Application Load Balancer.
  5. Provide a Name for your load balancer (e.g., cloudmersive-privatecloud-alb).
  6. Under Scheme, select either Internet-facing (to allow traffic from the internet) or Internal (for private networks only), depending on your use case.
  7. Select the IP address type (usually ipv4 unless you need dualstack).
  8. Under Listeners, you can add one or more listeners:
    • HTTP (80): Add a listener on port 80.
    • HTTPS (443): Add a listener on port 443. You will need to associate an SSL/TLS certificate when you configure security settings (step 10).
  9. Under Availability Zones, select the VPC and the Availability Zones where your Cloudmersive Private Cloud instances are located. Ensure each Availability Zone you select has the proper subnet for your instances.
  10. Click Next: Configure Security Settings (if you added HTTPS, configure the certificate details here).
  11. Click Next: Configure Security Groups. Select or create a security group that allows inbound traffic on the port(s) you specified (80/443).

4. Create a Target Group

The target group tells the load balancer where to send traffic and how to check for instance health.

  1. Choose a Target Group type. Typically, you should choose Instances or IP addresses depending on how your Cloudmersive Private Cloud nodes are set up:
    • Instances if your Cloudmersive Private Cloud is running directly on EC2 instances.
    • IP addresses if your Cloudmersive Private Cloud is running in containers or is not tied directly to an EC2 instance.
  2. Give your target group a Name (e.g., cloudmersive-privatecloud-tg).
  3. Select Protocol and Port.
    • If your Cloudmersive nodes are listening on port 80 for HTTP traffic, choose HTTP and port 80.
    • If your Cloudmersive nodes are listening on port 443 for HTTPS, choose HTTPS and port 443.
  4. Health checks:
    • Protocol: HTTP or HTTPS, matching what the node is using.
    • Path: Set this to /virus/status. This is the health check endpoint for Cloudmersive Private Cloud anti-virus status.
    • Healthy threshold: (e.g., 2)
    • Unhealthy threshold: (e.g., 2)
    • Timeout: (e.g., 5 seconds)
    • Interval: (e.g., 30 seconds)
    • Success codes: 200 (or the codes used by Cloudmersive for a healthy response).
  5. Click Next to register targets.

5. Register the Two Cloudmersive Private Cloud Nodes

  1. Under Targets, select the two AWS EC2 instances or IP addresses where your Cloudmersive Private Cloud is running.
  2. Click Include as pending below (for Instances) or provide the IP addresses (for IP mode).
  3. Click Register pending targets (for Instances) or Save (for IP addresses).

6. Finalizing the Load Balancer Configuration

  1. Review all settings:
    • The load balancer name and scheme.
    • The listeners (HTTP port 80, HTTPS port 443, or both).
    • The security group allowing inbound traffic.
    • The target group with a health check path of /virus/status.
  2. Click Create to provision the ALB.
  3. Wait a few minutes until AWS shows that the load balancer is active.

7. Testing and Validation

  1. Health Check: Navigate to the Target Groups section in the EC2 console. Verify that each target (Cloudmersive node) is showing as healthy. The ALB will continuously send GET requests to /virus/status on each node.
  2. DNS Name: AWS provides a DNS name for your new load balancer.
    • If you created an Internet-facing ALB, you can access this DNS name from an external browser (or use a custom domain pointed to this DNS name).
    • If you created an Internal ALB, ensure you test from within your VPC.
  3. Cloudmersive Private Cloud Service: Confirm that requests are routed correctly by performing a sample scan or any typical call you would make to the Cloudmersive API endpoints. The traffic should be distributed between the two nodes.

8. Common Troubleshooting Tips

  1. Health Check Failures:
    • Double-check that your Cloudmersive nodes are correctly serving the /virus/status endpoint on the correct protocol (HTTP vs. HTTPS) and port.
    • Verify that the security group associated with the Cloudmersive nodes allows inbound traffic from the load balancer on the designated port.
  2. HTTPS Certificate Issues:
    • If using HTTPS, ensure that the certificate is correctly uploaded to AWS Certificate Manager (ACM) or is otherwise properly configured.
    • Make sure the domain name of the certificate matches the domain you’re using for the load balancer (if applicable).
  3. Cross-Zone Load Balancing:
    • By default, Application Load Balancers distribute traffic across Availability Zones for high availability. You can optionally enable/disable cross-zone load balancing in the load balancer’s settings.
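
The checks from sections 4, 7 and 8 can be run against exported configuration before go-live. This is an added example, not Cloudmersive or AWS code: field names follow AWS CLI JSON output, while the top-level layout (LoadBalancer, Listeners, TargetGroup, NodeSecurityGroup), the IDs and the ARN are assumptions and placeholders. It goes one step beyond the article by also flagging node ports open to 0.0.0.0/0.

```python
# Constructed sample data shaped like JSON from `aws elbv2 describe-load-balancers`, `describe-listeners`,
# `describe-target-groups` and `aws ec2 describe-security-groups`. IDs and the ARN are placeholders.
GOOD = {
    "LoadBalancer": {"Scheme": "internet-facing", "SecurityGroups": ["sg-lb-example"]},
    "Listeners": [{"Protocol": "HTTPS", "Port": 443,
                   "Certificates": [{"CertificateArn": "arn:aws:acm:EXAMPLE"}]}],
    "TargetGroup": {"Protocol": "HTTP", "Port": 80,
                    "HealthCheckProtocol": "HTTP", "HealthCheckPath": "/virus/status"},
    "NodeSecurityGroup": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                             "UserIdGroupPairs": [{"GroupId": "sg-lb-example"}]}]},
}
BAD = {  # constructed misconfiguration: wrong health check, plain HTTP, nodes open to the world
    "LoadBalancer": GOOD["LoadBalancer"],
    "Listeners": [{"Protocol": "HTTP", "Port": 80}],
    "TargetGroup": dict(GOOD["TargetGroup"], HealthCheckProtocol="HTTPS", HealthCheckPath="/"),
    "NodeSecurityGroup": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
}

def covers(rule, port):
    """True if a security-group rule applies to TCP `port` ("-1" means all protocols)."""
    return rule["IpProtocol"] == "-1" or (
        rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"])

def audit(cfg):
    """Return findings for one ALB, its listeners, target group and node security group."""
    out, tg, lb = [], cfg["TargetGroup"], cfg["LoadBalancer"]
    if tg.get("HealthCheckPath") != "/virus/status":
        out.append("health check path is not /virus/status")
    if tg.get("HealthCheckProtocol") != tg["Protocol"]:
        out.append("health check protocol does not match the target protocol")
    for lsn in cfg["Listeners"]:
        if lsn["Protocol"] == "HTTP" and lb["Scheme"] == "internet-facing":
            out.append(f"internet-facing listener on port {lsn['Port']} is unencrypted HTTP")
        if lsn["Protocol"] == "HTTPS" and not lsn.get("Certificates"):
            out.append(f"HTTPS listener on port {lsn['Port']} has no certificate")
    lb_referenced = False
    for rule in cfg["NodeSecurityGroup"]["IpPermissions"]:
        if not covers(rule, tg["Port"]):
            continue
        pairs = {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}
        lb_referenced |= bool(pairs & set(lb["SecurityGroups"]))
        if any(r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
            out.append(f"node port {tg['Port']} is open to 0.0.0.0/0, bypassing the load balancer")
    if not lb_referenced:
        out.append(f"no node rule references the load balancer security group on port {tg['Port']}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(BAD)))
```

Node rules that admit the load balancer by subnet CIDR rather than by security group reference are not evaluated here and will show up as the last finding.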

Conclusion

You have now configured an AWS Elastic Load Balancer (Application Load Balancer) to distribute traffic to two Cloudmersive Private Cloud nodes. A health check on the /virus/status endpoint ensures that only healthy nodes receive traffic. Depending on your requirements, you can serve traffic via HTTP on port 80 or HTTPS on port 443 (with SSL/TLS encryption). This setup provides a robust, scalable way to handle Cloudmersive Private Cloud workloads in AWS.
