load balancing 2 shibboleth IdP servers

[Cantor, Scott]

I should have noted that unlike most sites, our NetScaler setup is layer 4, not layer 7. I used to use an obscure feaure called Direct Server Response that plays tricks with ARP tables, and now I just route TCP through the NetScalers directly to servers running on subnets managed by them. There's no HTTP proxying and it's end to end, client to my Jetty servers. My life is immeasurably more pleasant as a result.

-- Scott