I am deploying a highly available Portal and ArcGIS Server based on the following diagram. We use KEMP Virtual as the network load balance. Since we would like to have all the transaction to use HTTPS protocol only and we use third party NLB, where should we install device certificate? Only on web server (IIS and also importing them in ArcGIS Server and Portal admin pages as we do in a regular deployment) or on NLB? or both?