Topology of a PCS Load Balancing Configuration
The Traffic Manager hosts the published VPN service using one or more Traffic IP addresses, typically within a Traffic IP group. When a client attempts to establish a VPN session, it starts by creating a secure TCP control connection. After authenticating over this connection, the client then attempts to send ESP traffic over a secure UDP channel. As such, the wizard configures the Traffic Manager to receive both types of traffic using a pair of services, one for secure TCP traffic and another for UDP streaming traffic. The Traffic Manager maintains a separate pool for each protocol type, each pool containing the same PCS instances as nodes. This way, the Traffic Manager can load-balance both TCP and UDP connections originating from the same client to the same PCS instance.
If a secure UDP channel cannot be established between the client and the PCS server, the client falls back to using the TCP connection for the VPN traffic.
To ensure that VPN traffic is sent to the same PCS instance that is handling the corresponding control connection, the wizard configures and applies IP-based session persistence across both pools.
Finally, to ensure the Traffic Manager can make effective load-balancing decisions, the wizard configures both pools with suitable health monitoring.
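The following added example (a simplified Python model, not Traffic Manager or wizard code) shows why one IP-based persistence mapping applied across both pools keeps a client's TCP control connection and its UDP ESP traffic on the same PCS instance, and how both follow the client to a new node after a health-check failure. The node names, client addresses, round-robin selection and the `Pool` and `IpPersistence` classes are assumptions made for illustration.

```python
# Simplified model of IP-based session persistence applied across two pools.
# Constructed sample data: PCS node names and client IPs are hypothetical.
NODES = ["pcs-a", "pcs-b", "pcs-c"]  # the same PCS instances sit in both pools

class Pool:
    """One pool per protocol; picks round-robin among healthy nodes (assumed algorithm)."""
    def __init__(self, nodes, start=0):
        self.nodes, self.healthy, self._next = list(nodes), set(nodes), start

    def pick(self):
        for _ in range(len(self.nodes)):
            node = self.nodes[self._next % len(self.nodes)]
            self._next += 1
            if node in self.healthy:
                return node
        raise RuntimeError("no healthy nodes in pool")

class IpPersistence:
    """Maps client source IP to a node; one instance can serve several pools."""
    def __init__(self):
        self.table = {}

    def route(self, pool, client_ip):
        node = self.table.get(client_ip)
        if node is None or node not in pool.healthy:
            # No usable mapping: let the pool choose, then remember the choice.
            node = self.table[client_ip] = pool.pick()
        return node

def simulate(shared):
    # The UDP pool starts one step ahead to model pools whose state has diverged.
    tcp_pool, udp_pool = Pool(NODES), Pool(NODES, start=1)
    tcp_persist = IpPersistence()
    udp_persist = tcp_persist if shared else IpPersistence()
    results = {}
    for ip in ["198.51.100.10", "198.51.100.11", "203.0.113.7"]:
        control = tcp_persist.route(tcp_pool, ip)  # secure TCP control connection
        esp = udp_persist.route(udp_pool, ip)      # ESP traffic over UDP
        results[ip] = (control, esp)
    return results

def failover():
    tcp_pool, udp_pool = Pool(NODES), Pool(NODES)
    persist, ip = IpPersistence(), "198.51.100.10"
    before = persist.route(tcp_pool, ip)
    for pool in (tcp_pool, udp_pool):  # health monitor marks the node failed in both pools
        pool.healthy.discard(before)
    return before, persist.route(tcp_pool, ip), persist.route(udp_pool, ip)
```

Calling `simulate(shared=False)` pairs every client's control connection with a different node than its ESP traffic, while `simulate(shared=True)` keeps each pair on one node. Because the key is the source IP alone, all clients behind one NAT address map to the same PCS instance in this model.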