Connector Health Probe Causing Servers to Crash

We have had a few problems with the connector health probes causing applications and servers to crash or perform very slowly.

We have all our connectors in a “Global” server group. We also have some site based and regional based groups as well. We have some of our very large wildcard domain application segments use this Global group. We want our user to connect to the fastest connector so we don’t want to force them via a specific regional connector group. This causes every single one of the connectors to perform a health check against the application every time it’s accessed.

This understandable can overload the application or server if like us you have lots of connectors.

We have started to force some applications via specific connector groups where we know the application and where it’ hosted. We also started to turn off the health check as well when we are confident that the connector group can access the application and so no health check is really needed.

This has resolved most of our issues.

We are still having to use the Global connector group for some of our wildcard domains until we can confirm where all our apps are and what connectors can access them.

ZPA has discovered over 165k applications !!

1 Like

Wow, that’s a lot of applications! Somethings I think of ZPA as a CASB for your Internal Apps, I’ve heard stories of people finding apps they never knew they had, even rouge servers running on end user machines.

You’re adopting good practices to bind connector groups and disable unnecessary health checks whee they are redundant.

@skottieb:)

2 Likes

Hey Gordon,

There is an enhancement underway that will reduce the volume of health and DNS queries a connector undertakes during application discovery. I am sending you an email to describe this in more detail.