Version: iGovPortal v8.0

Infrastructure

Typical overall topology

Typical topology of an iGovPortal installation within a canton:

(Schema is incoming)

  1. Firewall / RP / LB / WAF
  2. Two Front-end webservers (DMZ)
  3. Firewall / RP / LB / WAF
  4. One API webserver (LAN)
  5. One Back-end webserver (LAN) - GBO, NBOA, RequestCenter
  6. SQL Server

Reverse-proxy / WAF

SSL Offloading

While ePortal supports SSL offloading, it primarily operates over HTTPS and automatically redirects HTTP requests to the secure HTTPS version.

This means the application doesn't fully support HTTP-only access. Enforcing HTTPS with automatic redirection ensures that all communications are encrypted, which protects user data and adheres to security standards.

WAF (Web Application Firewall)

If you use a WAF upstream of your infrastructure, it is important to configure it in such a way that:

  • the "ePortal" WebApp is able to talk to the database server;
  • the back-office can talk to the database, and forms (POST, GET) are correctly processed and redistributed through the WebApps.

Load balancing

Some configuration is necessary in order to benefit from load balancing.

Session consistency

It is imperative to manage the session cookie so that a user who starts a session on node 1 (for example) remains on node 1 for the rest of their session.

The recommendation here is to use a "sticky session" configuration at the load balancer level.

caution

Letting the load balancer switch automatically between nodes (to node 2 in our example) can log the user out of the ePortal and require them to reconnect.

Files synchronization

Certain folders of the application must be shared between the different nodes. To do this, we generally host this data on a NAS and replace the folders in question on each node with symbolic links to it.

Here is the list of symbolic links to create, as well as a script (.bat) that allows you to do so:

  • \Editor\LayoutInstances
  • \Editor\TemporaryObjects
  • \Htdocs\Files
  • \Htdocs\Images
  • \Htdocs\Modules\Customers\Cache
  • \Htdocs\Modules\Documents\Cache
  • \Htdocs\Modules\Objects\Cache
  • \TemporaryFiles
symlinks.bat
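REM Run on every node from a prompt allowed to create symbolic links (elevated by default).
REM MKLINK fails if the link path already exists: move or remove the local folder first.
MKLINK /D D:\path\to\eportal\Editor\LayoutInstances \\path\to\nas\Editor\LayoutInstances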
MKLINK /D D:\path\to\eportal\Editor\TemporaryObjects \\path\to\nas\Editor\TemporaryObjects
MKLINK /D D:\path\to\eportal\Htdocs\Files \\path\to\nas\Htdocs\Files
MKLINK /D D:\path\to\eportal\Htdocs\Images \\path\to\nas\Htdocs\Images
MKLINK /D D:\path\to\eportal\Htdocs\Modules\Customers\Cache \\path\to\nas\Htdocs\Modules\Customers\Cache
MKLINK /D D:\path\to\eportal\Htdocs\Modules\Documents\Cache \\path\to\nas\Htdocs\Modules\Documents\Cache
MKLINK /D D:\path\to\eportal\Htdocs\Modules\Objects\Cache \\path\to\nas\Htdocs\Modules\Objects\Cache
MKLINK /D D:\path\to\eportal\TemporaryFiles \\path\to\nas\TemporaryFiles
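
A check that can be run on each node after symlinks.bat, as an added example (not part of the iGovPortal documentation or tooling): it reports any listed folder that is missing, is still a node-local directory, or links somewhere other than the NAS. The function name, status labels and the two root parameters are assumptions; the default paths are the placeholders from symlinks.bat.

```powershell
# Added example: verify the shared-folder symbolic links on this node.
# $AppRoot / $NasRoot default to the placeholder paths from symlinks.bat (assumptions).
param(
    [string]$AppRoot = 'D:\path\to\eportal',
    [string]$NasRoot = '\\path\to\nas'
)

# Folders the page lists as shared between nodes.
$SharedFolders = @(
    'Editor\LayoutInstances', 'Editor\TemporaryObjects',
    'Htdocs\Files', 'Htdocs\Images',
    'Htdocs\Modules\Customers\Cache', 'Htdocs\Modules\Documents\Cache',
    'Htdocs\Modules\Objects\Cache', 'TemporaryFiles'
)

# Hypothetical helper: classify one shared folder on this node.
function Test-SharedFolderLink {
    param([string]$Relative)

    $linkPath = [IO.Path]::Combine($AppRoot, $Relative)
    $expected = [IO.Path]::Combine($NasRoot, $Relative)
    $item     = Get-Item -LiteralPath $linkPath -Force -ErrorAction SilentlyContinue
    $target   = $null

    if (-not $item) {
        $status = 'Missing'          # link was never created
    } elseif ($item.LinkType -ne 'SymbolicLink') {
        $status = 'NotASymlink'      # local folder or junction: data stays on this node
    } else {
        # Target is a collection in Windows PowerShell 5.1 and a string in PowerShell 7.
        $target = [string]@($item.Target)[0]
        # 5.1 can report UNC targets as "UNC\server\share"; normalise to "\\server\share".
        $target = $target -replace '^UNC\\', '\\'
        if ($target.TrimEnd('\') -ne $expected.TrimEnd('\')) {
            $status = 'WrongTarget'  # points somewhere other than the NAS folder
        } elseif (-not (Test-Path -LiteralPath $expected)) {
            $status = 'Unreachable'  # link is right but the NAS folder cannot be reached
        } else {
            $status = 'OK'
        }
    }
    [pscustomobject]@{ Folder = $Relative; Status = $status; Target = $target }
}

$results = $SharedFolders | ForEach-Object { Test-SharedFolderLink $_ }
$results | Format-Table -AutoSize
# Non-zero exit code lets a deployment or monitoring job flag a node that has drifted.
if ($results | Where-Object Status -ne 'OK') { exit 1 }
```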