The Alert Logic® web application firewall is normally deployed as a pair of appliances, one acting as a master syncing automatically to the redundant appliance and configured for automatic failover to the second appliance. In Amazon Web Services (AWS), there are two additional options:
- A redundant pair of appliances can use a load balancer to send traffic to multiple appliances simultaneously while only one acts as a master and syncs in configs.
- An auto-scaling appliance has a single master that backs itself up in AWS and manages configs for a group of workers that can auto-scale as needed.
The Alert Logic web application firewall and web application intrusion detection system can be configured for High Availability as either active-passive or active-active pairs.
In an active-passive setup, one appliance serves all requests, while the passive appliance drops the requests. In an active-active setup, both appliances serve requests.
Different load-balancing modes are available depending on the environment's requirements:
- IP-Load mode uses a multicast MAC address. A switch sends incoming traffic toward both notes.
- IP-Stealth mode never sends packets with its virtual MAC address as the source.
- IP-Unicast mode can be safely used in scenarios where a hub is used, as it is not necessary for a multicast MAC address.