Welcome to the third post in our series on strategies for scaling your FileMaker application. In our previous post, we shared insights on when and why WebDirect can be an excellent long-term solution for taking FileMaker to the next level.
Table of Contents: Scaling FileMaker Series
- Scaling FileMaker – Part 1
- How to Scale FileMaker with a Custom WebDirect Solution
- How to Scale FileMaker by Leveraging Load Balancers and Integrating FileMaker Server with SSO
- How to Leverage the Cloud to Troubleshoot FileMaker as Your Business Scales
- How to Identify and Resolve Server Bottlenecks in Your FileMaker Application to Encourage Scaling
Today, we’re sharing how to integrate FMS with SSO using a load balancer. We’re focusing on the use case for a high-security client with significant regulatory requirements and on-premise servers.
On-Premise Client v. WebDirect Solution
We’re discussing on-premise servers today because, while this approach can be applied to WebDirect, most architects design a WebDirect solution with cloud services and, therefore, with load balancing built in. WebDirect solutions are ideal for external users who want to avoid access roadblocks or installation requirements.
This is also a typical requirement in a high-security/regulated environment. Traffic to the FileMaker Server is allowed only through a load balancer, with everything else blocked without exception.
In this post, therefore, we’ll mostly talk about FileMaker Go and FileMaker Pro running on on-premise servers.
Working with a Load Balancer
Consider high-security government organizations. We have several clients that fall within this definition, and they all have regulatory restrictions that FileMaker Server doesn’t support by default.
After analyzing our first few clients, we realized that routing all traffic and data through a load balancer was not only the quickest and most comprehensive solution but also the only way to meet their strict security requirements. By default, FileMaker Server does not support routing all traffic through a load balancer.
Our FileMaker consultants developed a proprietary process to implement a stable load balancer that streamlines performance for our clients. Instead of users accessing FileMaker directly, the load balancer manages all traffic and serves as a traffic director, pushing users to the optimal server at the given moment. The same setup supports FileMaker traffic (GIOP/non-HTTP) at the same time.
This solution started as an adapted engine plus configuration that we leveraged for FileMaker, based on something Claris supports. We modified and customized how it works for our clients, who must adhere to strict compliance and carefully manage their server traffic under the hood.
Benefits of a Load Balancer
Optimized Traffic Mediation
A load balancer automatically manages which traffic goes to which server so that no resources get overwhelmed or overloaded. All users get an optimal user experience. It evaluates incoming network traffic and strategically distributes it across a server network to optimize resources and prevent any servers from becoming a bottleneck.
Proper Access Levels
A load balancer also ensures only people with the right credentials can gain entry to limited-access servers. This is especially important for clients with tight security standards.
Application Availability
Because a load balancer distributes traffic across a server network, it also reduces downtime within your FileMaker application. If one server shuts down or maxes out, it redirects traffic to another, improving application availability and reliability.
Scalability
With a load balancer, businesses can easily scale operations up and down without negatively impacting performance. As demand increases, you can configure the load balancer to automatically and seamlessly add servers to the network.
Server Flexibility
Load balancers support hybrid server setups, managing traffic between on-premise servers and those in private and public clouds. If you add servers in AWS, for example, you have significantly greater flexibility and the potential for reduced costs if you use a load balancer to carefully manage traffic between the entire network.
Regular Server Health Evaluations
Load balancers continuously check your servers to see if they’re in a healthy state. If they find one that is not healthy, they temporarily drop it from the list of servers to use as resources until your team can troubleshoot. This ensures users only connect to healthy machines.
Authentication & Security
Load balancers definitively separate traffic from server infrastructure. They act as a first line of defense against attacks on your FileMaker application. We can configure them to perform initial security assessments on incoming requests, significantly increasing security measures. After all, you should never expose your servers directly to a user. Let the load balancer act as a bouncer who checks IDs and restricts access. This is why our high-security government clients need highly customized solutions with load balancers.
SSO Flow & Authentication
This brings us to SSO Flow. SSO is self-explanatory – it allows users to log in once and access multiple applications under one set of credentials. It’s convenient and delivers a better user experience, leading to faster workflows and improvements in productivity. It also encourages users to create stronger passwords, as they only have to remember one. For organizations with strict compliance regulations, SSO helps maintain data integrity management and ensures manageable audit trails.
In FileMaker, the load balancer facilitates this SSO Flow. It handles user authentication via services like OAuth and delivers token-based access, routing users to the servers they can work on. And, of course, it still manages this while ensuring your servers don’t get overloaded.
SSO can significantly improve efficiency and security if your users need to interact with multiple databases or applications within the FileMaker ecosystem.
Implementing a Load Balancer in Your FileMaker Application
Utilizing a load balancer is crucial for maintaining robust, efficient, and secure IT operations, especially for organizations whose users need high availability and performance.
(For our setup, we had a major problem with FMS’s default SSO setup. The default OAuth setup of FileMaker Server (even with the official FMS + load balancer instructions available here) does not support SSO OAuth flows through a load balancer. It requires OAuth redirects to go directly to the primary server to authenticate an SSO user. After doing a lot of research to break down how OAuth traffic works under the hood in FMS, we reconfigured the WebDirect environment to pass OAuth redirect traffic through the load balancer and on to the primary machine without having to expose any backend server.)
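One way to verify the outcome described above is to audit the authorization requests the deployment sends to the identity provider and confirm that every `redirect_uri` names the load balancer, never a backend server. The following is an added example, not code from this post or from Claris; the hostnames, the `/oauth/redirect` path and the sample URLs are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Assumed names for illustration; replace with your own inventory.
LB_HOST = "fm.example.gov"
BACKEND_HOSTS = {"fms-primary.internal", "fms-worker1.internal"}

def is_ip_literal(host):
    """True when the host is an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_authorization_url(url, lb_host=LB_HOST, backends=BACKEND_HOSTS):
    """Return findings for one OAuth authorization request URL."""
    uris = parse_qs(urlsplit(url).query).get("redirect_uri", [])
    if len(uris) != 1:
        return [f"expected exactly one redirect_uri, found {len(uris)}"]
    target = urlsplit(uris[0])
    host = target.hostname or ""  # urlsplit lowercases the hostname
    findings = []
    if target.scheme != "https":
        findings.append(f"redirect_uri uses {target.scheme or 'no scheme'}, not https")
    if host in backends:
        findings.append(f"redirect_uri exposes backend server {host}")
    elif is_ip_literal(host):
        findings.append(f"redirect_uri uses IP literal {host}")
    elif host != lb_host:
        findings.append(f"redirect_uri host {host} is not the load balancer")
    return findings

def audit_all(urls):
    """Map each URL that has findings to its list of findings."""
    results = {u: audit_authorization_url(u) for u in urls}
    return {u: f for u, f in results.items() if f}

# Constructed sample requests (e.g. taken from proxy or browser logs).
IDP = "https://idp.example.com/authorize?response_type=code&client_id=abc"
SAMPLE_URLS = [
    IDP + "&redirect_uri=https%3A%2F%2Ffm.example.gov%2Foauth%2Fredirect",
    IDP + "&redirect_uri=https%3A%2F%2Ffms-primary.internal%2Foauth%2Fredirect",
    IDP + "&redirect_uri=http%3A%2F%2F10.0.4.12%2Foauth%2Fredirect",
]

if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE_URLS).items():
        print(url, findings)
```

The same allow-list should be registered as the only permitted redirect URI at the identity provider, so a backend hostname is rejected there as well.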
(I am not sure if this is worth mentioning, but I have created a detailed document containing step-by-step instructions and explanations for the client’s IT staff to assist them in setting up the system again. This was required to get their IT and Cyber Security departments to adopt our solution and allow them to work efficiently when responding to emergencies.)
Many of our clients understand the benefits of a load balancer and even how it works in theory, but they struggle to implement it themselves. This is one way we serve as a trusted partner to implement a customized strategy that addresses your business needs. Contact us to learn how we can help you and your team build and launch a load balancer for your FileMaker application.