Barracuda Load Balancer Administrator s Guide

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Barracuda Load Balancer Administrator s Guide"

Transcription

1 Barracuda Load Balancer Administrator s Guide Version 3.3 Barracuda Networks Inc S. Winchester Blvd. Campbell, CA

2 Copyright Notice Copyright , Barracuda Networks v All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice. Trademarks Barracuda Load Balancer is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders. ii Barracuda Load Balancer Administrator s Guide

3 Contents Chapter 1 Introduction Overview Powerful Enterprise-Class Solution Features of the Barracuda Load Balancer Load Balancing for all IP-based Applications Easy to Use and Maintain Intrusion Prevention System Auto-Discover Mode Persistence SSL Offloading Scheduling Policy Automated Service Monitor Multiple Deployment Modes High Availability Easy Administration Last Resort Server Content Routing Removing Servers without Disrupting the Service HTTP Request and Response Rewrites Support for Layer 2 VLANs TCP Proxy Global Server Load Balancing (GSLB) Chapter 2 Load Balancing Deployment Options Barracuda Load Balancer Terminology Load Balancer Deployment Options Sample Network Situations Route-Path (Recommended) Deploying Route-Path Route-Path One-Armed Route-Path Two-Armed Route-Path with TCP Proxy Service Bridge-Path Deploying Bridge-Path Direct Server Return DSR with Route-Path or Bridge-Path Deploying Direct Server Return Deployment Notes Deployment in a Linux Environment Deployment in a Windows/XP Environment Deployment in a Microsoft Windows Server 2003 or 2008 Environment.. 29 Verifying DSR Deployment iii

4 Chapter 3 Getting Started Initial Setup Preparing for Installation Connecting the Barracuda Load Balancer to the Network Configuring WAN IP Address and Network Settings Configuring Your Corporate Firewall Configuring the Barracuda Load Balancer Verifying Your Subscription Status Updating the Barracuda Load Balancer Firmware Updating the IPS Definitions Chapter 4 Configuring Services Creating Services Creating Load-Balanced Services Enabling Persistence Persistence Settings for a Service with type Layer 7 - RDP Persistence Settings for a Service with type Layer 7 - HTTP Persistence Settings for a Service with type Layer 4 or TCP Proxy Terminal Services Load Balancing TCP Proxy SSL Offloading Uploading SSL Certificates Specifying SSL Offloading for a Service Updating Ports on the Real Servers Selecting a Scheduling Policy Adaptive Scheduling Pre-Assigned Weight Scheduling Policies Scheduling for a Service with type Layer 7 - RDP Configuring Intrusion Prevention Configuring a Last Resort Server Layer 7 - HTTP Services Directing HTTP Requests using Content Rules Creating an HTTP Redirect Service Modifying HTTP Requests and Responses Chapter 5 Network Configuration VLAN Support Routing to Multiple VLANs over an Interface Making Services Accessible from the LAN/WAN Creating Static Routes Allowing Real Servers to Connect to the Internet Chapter 6 High Availability Creating a High Availability Environment Requirements for High Availability (HA) Operation of HA iv Barracuda Load Balancer Administrator s Guide

5 Recovery of the Primary System Creating a Cluster and Removing the Cluster Data Propagated to Clustered Systems Chapter 7 Global Server Load Balancing Introduction to Global Server Load Balancing (GSLB) GSLB Examples GSLB Definitions Site Selection Criteria How GSLB Works Failover Integrating with the Existing DNS Infrastructure Site Selection Algorithms Failover IP Address IP Address and Location Database Response Policy Options Example Implementations Disaster Recovery - Two Sites in the World Direct Clients to Closest Data Center Direct Clients to Specific Region GSLB Regions Configuring Multiple GSLB Controllers Steps to Install GSLB Chapter 8 Managing the Barracuda Load Balancer Administrative Settings Controlling Access to the Web Interface Customizing the Appearance of the Web Interface Setting the Time Zone of the System Enabling SSL for Administration Monitoring the Barracuda Load Balancer Monitoring the Health of Services and Real Servers Enabling or Disabling Real Servers Remotely Administering Real Servers Viewing Performance Statistics Viewing Logs Automating the Delivery of System Alerts and SNMP Traps SNMP Monitoring Viewing System Tasks Maintaining the Barracuda Load Balancer Backing up and Restoring Your System Configuration Updating the Firmware of Your Barracuda Load Balancer Updating the Intrusion Prevention Rules Using Energize Updates Replacing a Failed System Reloading, Restarting, and Shutting Down the System Using the Built-in Troubleshooting Tools Rebooting the System in Recovery Mode Reboot Options v

6 Appendix A Extended Match and Condition Expressions. 81 Quick reference Structure of an Extended Match or Condition Expression Operators Elements Joins Combining Escaping Macro Definitions No Name Parameters Appendix B Barracuda Load Balancer Hardware i Front Panel of the Barracuda Load Balancer ii Barracuda Load Balancer 240, 340, and ii Barracuda Load Balancer iii Back Panel of the Barracuda Load Balancer iv Barracuda Load Balancer, all models iv Hardware Compliance v Notice for the USA v Notice for Canada v Notice for Europe (CE Mark) v Appendix C Limited Warranty and License vii Barracuda Networks Limited Hardware Warranty (v 2.1) vii Exclusive Remedy vii Exclusions and Restrictions vii Barracuda Networks Software License Agreement (v 2.1) viii Barracuda Networks Energize Updates and Other Subscription Terms.... xii Barracuda Networks Software License Agreement Appendix xii vi Barracuda Load Balancer Administrator s Guide

7 Chapter 1 Introduction This chapter provides an overview of the Barracuda Load Balancer and includes the following topics: Overview on page 8 Features of the Barracuda Load Balancer on page 9 Introduction 7

8 Overview Organizations use load balancers to distribute traffic across a set of servers in their network. In the event a server goes down, the load balancer automatically detects this failure and begins forwarding traffic to the remaining functioning servers, maintaining high availability of the services provided by the servers. The Barracuda Load Balancer is designed to help organizations achieve their high availability objectives by providing: Comprehensive failover capabilities in case of server failure, Distribution of traffic across multiple servers, and Integrated protection from network intrusions. Note The Barracuda Load Balancer is not designed for link balancing that distributes traffic across multiple Internet connections - try the Barracuda Link Balancer instead. Powerful Enterprise-Class Solution The Barracuda Load Balancer uses a variety of factors to make load-balancing decisions. It is designed to provide comprehensive IP load-balancing capabilities to any IP-based application, including: Internet sites with high traffic requirements, including Web, FTP, media streaming, and content delivery networks Hosted applications using thin-client architectures, such as Windows Terminal Services Other IP services requiring optimal performance, including SMTP, DNS, RADIUS, and TFTP The Barracuda Load Balancer's integrated Service Monitor ensures that servers and their associated applications are operational at all times. In the event of server or application failure, the Barracuda Load Balancer facilitates automatic failover among servers to ensure continuous availability. The Barracuda Load Balancer also assists in orchestrating scheduled windows on specific servers while maintaining application availability through other servers in the server farm. To minimize the risk associated with failures of the load balancers themselves, two Barracuda Load Balancers can be deployed in an active/passive configuration. In the event a primary active Barracuda Load Balancer fails, a backup Barracuda Load Balancer can quickly assume the identity of the primary Barracuda Load Balancer. The switchover happens automatically to maintain application availability. 8 Barracuda Load Balancer Administrator s Guide

9 Features of the Barracuda Load Balancer The Barracuda Load Balancer is designed with the following features: Load Balancing for all IP-based Applications... 9 Easy to Use and Maintain... 9 Intrusion Prevention System Auto-Discover Mode Persistence SSL Offloading Scheduling Policy Automated Service Monitor Multiple Deployment Modes High Availability Easy Administration Last Resort Server Content Routing Removing Servers without Disrupting the Service HTTP Request and Response Rewrites Support for Layer 2 VLANs TCP Proxy Global Server Load Balancing (GSLB) Load Balancing for all IP-based Applications The Barracuda Load Balancer is designed to provide fast and comprehensive IP load-balancing capabilities to any IP-based application, including: HTTP HTTPS (SSL) SSH SMTP IMAP RDP (Terminal Services) POP3 NTP ASP Streaming Media DNS LDAP RADIUS TFTP Other TCP/UDP-based services Easy to Use and Maintain The Barracuda Load Balancer is extremely easy to deploy, featuring automatic discovery and configuration tools through an intuitive Web interface. To minimize ongoing administration Introduction 9

10 associated with security, the Barracuda Load Balancer can automatically receive current intrusion prevention and security updates from Barracuda Central, an advanced 24/7 security operations center that works to continuously monitor and block the latest Internet threats. Intrusion Prevention System Many security technologies are integrated into the Barracuda Load Balancer. The set-and-forget Intrusion Prevention System (IPS) helps secure your network, even if you may have missed a patch or if an exploit manages to get past your existing security. The Barracuda Load Balancer will automatically block any exploits that are detected across any protocol; no configuration is required. In addition to the Denial of Service (DDoS) protection provided for all load balanced servers by the built-in IPS, the Barracuda Load Balancer will also automatically block any exploits that are detected across multiple protocols, with no extra configuration required. As with any security feature, IPS is designed to complement any existing security measures, not replace them. The role of the Intrusion Prevention System is to eliminate any damage from an attack that manages to penetrate the existing security architecture. The Intrusion Prevention System protects your load-balanced services from the following common threats: Protocol-specific attacks. The Barracuda Load Balancer contains protocol-specific guards that protect your Real Servers from attacks targeting the SMTP, DNS, and LDAP protocols. Application-specific attacks. The Barracuda Load Balancer protects common applications that are particularly vulnerable to external attacks. These applications include IIS, Websphere, Cold Fusion, Exchange, and many more. Operating system-specific attacks. The Barracuda Load Balancer contains Microsoft and UNIXspecific detection capabilities that identify malicious activity against these operating systems. Exploit signatures are regularly updated at Barracuda Central, and are automatically delivered to your Barracuda Load Balancer via Energize Updates. The following figure shows how Barracuda Central provides the latest updates through the Energize Update feature. Figure 1.1: Barracuda Energize Updates 10 Barracuda Load Balancer Administrator s Guide

11 Auto-Discover Mode All models of the Barracuda Load Balancer support Auto-Discovery of Real Servers and applications running on the servers to ensure quick and easy deployment of new servers. For common applications there is no need to manually configure each port. Persistence The Barracuda Load Balancer supports technology that directs clients back to the same server, including client IP address and cookies. The length of time that session persistence is maintained during a time of inactivity can be enabled on a Service level. SSL Offloading The Barracuda Load Balancer has the ability to handle SSL encryption and decryption locally, to help ease the burden on back end Real Servers. SSL offloading is not available if using the Direct Server Return mode of deployment or if the Service type is Layer 7 - RDP. Scheduling Policy The Barracuda Load Balancer supports multiple scheduling policies that support server weighting including Weighted Least Connection and Weighted Round Robin. The Barracuda Load Balancer also supports adaptive scheduling, a resource based algorithm that assigns weights to servers based on factors such as the load reported by the servers. You can also specify that certain servers handle more traffic than others. Automated Service Monitor Barracuda Load Balancer features a fully integrated Service Monitor which performs automated tests to determine the availability of your servers. Traffic is re-routed to other servers within seconds if a server becomes unavailable. Multiple Deployment Modes The Barracuda Load Balancers support Route-Path, Bridge-Path, and Direct Server Return deployment modes. Route-Path offers increased flexibility, while Bridge-Path allows deployment without changes to existing IP infrastructure. Direct Server Return allows for maximum throughput and is ideal for content delivery networks. High Availability With simple setup through the Web administrative interface, the Barracuda Load Balancer supports High Availability configurations. Just point the backup Barracuda Load Balancer to the primary Introduction 11

12 Barracuda Load Balancer's management IP address to synchronize configurations and establish a highly available network that brings your server farm to enterprise grade availability. Easy Administration The SSL-secured Web interface of the Barracuda Load Balancer allows for convenient configuration and monitoring. Last Resort Server The Barracuda Load Balancer allows you to specify a Last Resort Server, which is the server to which all traffic for a particular Service is routed in the event that all Real Servers associated with that Service are not available. This Last Resort Server can be located on a different network, or even across the Internet, so long as the WAN port of the Barracuda Load Balancer has a route to that server. Content Routing The Barracuda Load Balancer can route application (Layer 7) traffic to different servers based on content rules that examine incoming requests. This allows you to partition your servers by content and process requests more efficiently by directing them to the relevant server. For example, image requests can be directed to a server that hosts all of the images and has been optimized for image delivery. Removing Servers without Disrupting the Service You can remove a Real Server from the server farm for maintenance or other reasons by marking it as disabled, which terminates all existing connections immediately, or by setting its status to maintenance mode. In maintenance mode, the server maintains existing connections but does not accept any new ones. When those connections are complete you can perform the server maintenance. You can also add or delete a Real Server to the farm without disrupting the Service. HTTP Request and Response Rewrites Powerful regular expression support allows you to create rules to match patterns in HTTP requests and responses and to modify them. Support for Layer 2 VLANs The Barracuda Load Balancer supports Layer 2 VLANs. 12 Barracuda Load Balancer Administrator s Guide

13 TCP Proxy The Barracuda Load Balancer acts as a full TCP proxy for incoming and outgoing connections for Services with type TCP Proxy. Global Server Load Balancing (GSLB) GSLB provides a variety of ways to specify how traffic is directed to various sites, including priority and geographical location. The Barracuda Load Balancer uses those parameters while monitoring the health of each data center to route requests to the optimal site. Introduction 13

14 14 Barracuda Load Balancer Administrator s Guide

15 Chapter 2 Load Balancing Deployment Options This chapter provides an overview of the Barracuda Load Balancer and includes the following topics: Barracuda Load Balancer Terminology on page 16 Load Balancer Deployment Options on page 18 Load Balancing Deployment Options 15

16 Barracuda Load Balancer Terminology The following is a list of some of the terms used by the Barracuda Load Balancer. Table 2.1: Barracuda Load Balancer terminology Term Service Service Monitor Virtual IP (VIP) Real Server Server Farm Client Persistence Scheduling policy Route-Path Bridge-Path Direct Server Return Logical Network Physical Network Description A combination of a Virtual IP (VIP) and one or more TCP/UDP ports that the Service is to listen on. Traffic arriving over the designated port(s) to the specified Virtual IP is directed to one of the Real Servers that are associated with a particular Service. The Service Monitor monitors the availability of the Real Servers. It can be configured either on a per-service or per-real Server basis to use one of several different methods to establish the availability of a Real Server. If the Service Monitor finds that no Real Servers are available, you can specify a Last Resort Server to which all traffic for the Service will be routed. The IP address assigned to a specific Service. A client uses the Virtual IP address to connect to the load-balanced Service. The Virtual IP address must be different than the WAN IP address of the Barracuda Load Balancer. One of the systems that perform the actual work of the load-balanced Service. The Barracuda Load Balancer assigns new connections to it as determined by the scheduling policy in effect for the Service. A collection of Real Servers. The entity requesting connection to a load-balanced Service. It can be an external Web browser accessing your load-balanced Web site, or an internal user connecting to a load-balanced mail server. A returning connection is routed to the same Real Server that handled a previous request from the same client within a specified time. Examples of Services that may need persistence settings are Web sites that have shopping carts or require some sort of login. See Enabling Persistence on page 45 for more information. Specifies how the Barracuda Load Balancer determines which Real Server is to receive the next connection request. Each Service can be configured with a different policy. More information can be found in Selecting a Scheduling Policy on page 47. Deployment modes for the Barracuda Load Balancer. They differ in how the Real Servers are connected. Details and benefits of each mode can be found in the sections Route-Path (Recommended) on page 19 and Bridge-Path on page 24. Option that is enabled on individual Real Servers. However, because it can affect how a deployment is designed, it is often treated as a mode of its own. More details on this can be found in the section on Direct Server Return on page 26. A collection of systems on an isolatable subnet. In Route-Path mode, for example, all systems associated with the LAN interface would be in one (or more) logical network(s) x, and all systems connected to the WAN interface would be in another logical network of x. A group of systems that are physically connected to each other, usually over a switch or VLAN. 16 Barracuda Load Balancer Administrator s Guide

17 Term WAN IP Address High Availability One-armed Mode Two-armed Mode Description The IP address associated with the port that connects the Barracuda Load Balancer to the WAN. It may be used to access the Web administration interface. This address must be different than the Virtual IP addresses assigned to the Services. Two Barracuda Load Balancers can be joined as an active-passive pair in a cluster. The active system performs the load-balancing while the passive one monitors it, ready to take over operations if the first one fails. For more information, see Creating a High Availability Environment on page 58. In one-armed mode, the WAN port is used for both external and internal traffic that passes through the Barracuda Load Balancer. In two-armed mode, the Barracuda Load Balancer is deployed in-line, using both the WAN and LAN ports. The Virtual IP addresses and the Real Servers must be on different subnets. Load Balancing Deployment Options 17

18 Load Balancer Deployment Options Services on the Barracuda Load Balancer can be deployed in the following three modes: Route-Path (Recommended) Bridge-Path Direct Server Return All of these deployment modes require specific network configurations. However, the Barracuda Load Balancer must be in either Route-Path or Bridge-Path mode. Direct Server Return is an option that you may choose for each Real Server. Choose the deployment mode for the Barracuda Load Balancer based on the type of network configuration that currently exists at your site as well as on the types of Services you wish to load balance. Route-Path is usually recommended over Bridge-Path because it provides a more robust deployment. Enabling the Direct Server Return option is recommended for Real Servers that generate a high volume of outbound traffic. Sample Network Situations To assist you in deciding how to deploy the Barracuda Load Balancer in your network, here are some common cases with suggested deployments. All of these cases use the Route-Path deployment. 1. You only want to use the Barracuda Load Balancer to provide Layer 4 load balancing of TCP/IP traffic: Use two-armed Route-Path with one or more Layer 4 Services. 2. The Real Servers are on the same subnet as the Barracuda Load Balancer and the configuration cannot be changed: Use one-armed Route-Path with a TCP Proxy Service. Use Direct Server Return. 3. If you have an existing IT infrastructure using Windows where the Web servers need to communicate with systems such as Active Directory Domain Services, ISA Servers or domain controllers, to avoid changing those network settings: Use one-armed Route-Path with a TCP Proxy Service. Use Direct Server Return. 4. If the outbound traffic is far greater than the inbound traffic, for example, if the Real Servers are providing streamed audio or visual media: Use Direct Server Return to increase throughput. 5. If you need to remotely administer your Real Servers individually: Create new Services, each of which only load balances a single Real Server. Deploy the Real Servers in a one-armed mode where they are on the WAN side of the Barracuda Load Balancer and serving a TCP Proxy Service. Deploy the Real Servers on the WAN side using Direct Server Return. More deployment examples are presented in the rest of this chapter. 18 Barracuda Load Balancer Administrator s Guide

19 Route-Path (Recommended) Route-Path is the most commonly used deployment method. With Route-Path: The WAN and LAN IP addresses of the Barracuda Load Balancer are not on the same subnet. When using two-armed Route-Path, the Barracuda Load Balancer is in the Layer 3 path of outbound server traffic. The Real Servers are reachable from the WAN or LAN IP addresses in only one way. Route-Path is flexible, easy to integrate into a network, and offers a number of different configurations, many of which are explained in this section. The following table describes the advantages and disadvantages of deploying your Barracuda Load Balancer in Route-Path mode. Advantages In most cases, minimal network re-designing; works with existing physical configurations Disadvantages If a Service type of Layer 4 with SSL offloading not enabled is used, the Barracuda Load Balancer has to be able to handle the responses to client requests that are issued by the Real Servers. One way to ensure this is to make the Barracuda Load Balancer the default gateway for all downstream Real Servers. For all other Service types, including Layer 4 with SSL offloading turned on, the Real Servers and VIP addresses can be positioned more flexibly. Fast High Availability failover Load Balancing Deployment Options 19

20 Figure 2.1: Sample Route-Path Two-Armed network layout Deploying Route-Path There are multiple alternatives for configuration when using the Barracuda Load Balancer in the Route-Path mode: Some or all of the Real Servers are on the same subnet as the LAN IP address and using the LAN IP address as their gateway; Some or all of the Real Servers are on the same subnet as the WAN IP address and using the WAN IP address as their gateway; Some or all of the Real Servers are on the same VLAN as the Barracuda Load Balancer; Some or all of the Real Servers are on a different subnet than either the WAN or LAN IP address but accessible via static routes; Some or all of the Real Servers are on a different subnet and responding to a TCP Proxy Service. Virtual IP addresses are on the same subnet as the WAN interface of the Barracuda Load Balancer, and Real Servers on a subnet separate from the VIPs. 20 Barracuda Load Balancer Administrator s Guide

21 Virtual IP addresses are on the same subnet as the LAN interface of the Barracuda Load Balancer and Real Servers on a subnet separate from the VIPs. Real Servers that are on multiple networks simultaneously may break the route path. If a Real Server has more than one network adapter enabled, which gives traffic an alternate route around the Barracuda Load Balancer, the deployment will not work properly even though it may appear to work initially. There are two exceptions where Real Servers may have multiple network adapters: The networks that the Real Servers are on are isolated from each other and cannot access the WAN network without going through the Barracuda Load Balancer. Static routes for incoming and outgoing traffic for each IP address of each Real Server have been defined. Route-Path One-Armed One-armed Route-Path provides a quick way to insert the Barracuda Load Balancer into an existing infrastructure with minimal changes to the network topology. If the Service type is Layer 4 and not using SSL offloading or TCP Proxy, each Real Server must list the LAN IP address of the Barracuda Load Balancer as its gateway IP address. This restriction only applies to this one Service type. Otherwise, you are not required to change the IP addresses of the Real Servers. It is possible to connect the Barracuda Load Balancer to the same switch as the Real Servers. Another option with one-armed deployment is that you can keep an externally accessible IP address on a Real Server so external clients can still access that address (for example, for FTP) only on that one system. Because configuration changes are not required, only that traffic which needs to be load balanced passes through the Barracuda Load Balancer. This can be used as a way to temporarily insert the Barracuda Load Balancer into your network until network changes are possible. Load Balancing Deployment Options 21

22 Figure 2.2: One-armed Route-Path using TCP Proxy Service Route-Path Two-Armed Two-armed Route-Path is the most common way to install the Barracuda Load Balancer into your network. It provides separation between the LAN and WAN sides of your network. Deploying the Barracuda Load Balancer in this way requires changing the IP addresses of all of the servers. If you are planning to use the Barracuda Load Balancer to provide Layer 4 load balancing of TCP/IP traffic, this is the best option for your situation. Route-Path with TCP Proxy Service You can create a TCP Proxy Service to make the Barracuda Load Balancer act as a full TCP proxy. Connections from the client are terminated at the Barracuda Load Balancer and new ones are established between the Barracuda Load Balancer and the Real Servers. TCP Proxy allows more flexibility as to how the packet is handled. Using the TCP Proxy Service allows the Real Servers to be located anywhere, as long as they are reachable by the Barracuda Load Balancer (e.g. on the same subnet or VLAN or static routes have been configured). This can be used in one-armed configurations for protocols like OCS as well as for custom applications. In two-armed configurations, Real Servers can access the VIPs on the same side of the Load Balancer. 22 Barracuda Load Balancer Administrator s Guide

23 As already mentioned, Real Servers can access the VIP address of any TCP Proxy Service on the same side of the Barracuda Load Balancer. Figure 2.3 shows a network where there are Virtual IP addresses available on both the WAN and LAN side. Clients coming from the Internet or intranet can access the Database or Web Service. On the LAN side, the Web servers can access the Database Service. Figure 2.3: Two-armed TCP Proxy Service Figure 2.4 shows an example of a one-armed route path deployment using TCP Proxy Services. In this case, the Services are provided by multiple Barracuda Spam & Virus Firewalls and servers. Load Balancing Deployment Options 23

24 Figure 2.4: One-armed TCP Proxy Service with Barracuda Spam & Virus Firewalls As shown in the diagram, passes through this network in the following way: 1. is sent to the VIP address for the TCP Proxy Service that represents the Barracuda Spam & Virus Firewalls. 2. It is directed to the appropriate Barracuda Spam & Virus Firewall for processing. 3. After passing spam and virus checks, the is sent to the VIP address for the Service. 4. The Barracuda Load Balancer load balances the traffic and passes it to an server. Bridge-Path Bridge-Path deployment entails placing the Barracuda Load Balancer inline with your existing IP infrastructure so that it can load balance servers without changing IP addresses. With Bridge-Path deployment, the WAN and LAN interfaces must be on physically separate networks. The LAN interface must be on the same logical switch as the servers being load-balanced. Note that if you want to avoid changing the IP addresses of your servers, an alternative to Bridge- Path would be to use a TCP Proxy Service and Route-Path. 24 Barracuda Load Balancer Administrator s Guide

25 The following table describes the advantages and disadvantages of deploying your Barracuda Load Balancer in Bridge-Path mode. Advantages Minimal network changes since the existing IP infrastructure is reused Disadvantages If a Barracuda Load Balancer fails while in High Availability mode, the network topology causes servers to take longer to realize that failover has occurred than if they were deployed using Route-Path. Real Servers keep their existing IP addresses Separate physical networks required for downstream Real Servers Less resilient to network misconfigurations Improper configuration of a Bridge-Path network may result in a broadcast storm, resulting in network outages Figure 2.5: Sample Bridge-Path network layout Load Balancing Deployment Options 25

26 Deploying Bridge-Path In Bridge-Path mode, the Real Servers must be physically isolated behind the Barracuda Load Balancer. This means that each Real Server is no longer visible on the network if the Barracuda Load Balancer becomes unavailable (a separate switch is required for models 440 and below). The Real Servers must be on the same subnet and logical network as the Barracuda Load Balancer, the VIPs, and the rest of the WAN, and they must specify the same gateway as the Barracuda Load Balancer. Make sure that the Operating Mode of the Barracuda Load Balancer is set to Bridge-Path on the Basic > IP Configuration page. The LAN IP Address on the same page is not used. Direct Server Return Direct Server Return (DSR) is an option associated with a Real Server which allows for increased outbound traffic throughput. In DSR, connection requests and incoming traffic go from the Barracuda Load Balancer to the Real Server, but all outgoing traffic goes directly from the Real Server to the client. DSR is most useful if the outbound traffic is far greater than the inbound traffic. For example, if the Real Servers are providing streamed audio or visual media, throughput will be increased by using DSR. Because the Barracuda Load Balancer does not process the outgoing traffic, Layer 7 applications (HTTP, TCP Proxy and RDP), SSL offloading and cookie persistence are not supported with DSR. Only configure DSR when the load balancing can be done at Layer 4. With DSR, requests come through the WAN interface of the Barracuda Load Balancer and are handed off to the Real Servers. The Real Servers must be configured with the IP address of the VIP, where the VIP is bound to the loopback interface. The Real Servers then respond directly to the user with the source address of the request through their own interfaces. This implementation requires enabling a non-arping loopback adapter, a feature that can be found on most server operating systems. Your applications may need to be explicitly bound to the loopback adapter. The following table describes the advantages and disadvantages of deploying your Barracuda Load Balancer in Direct Server Return mode. Advantages Ideal for high-bandwidth requirements such as content delivery networks Keeps existing IP addresses of Real Servers Disadvantages Requires flat network topology Requires non-arping loopback adapter on Real Servers Client IP persistence only Layer 7 load balancing is not supported DSR is an option which is turned on for each Real Server. You may have DSR servers and non-dsr servers running the same Service. Real Servers that are in DSR mode must be on the same subnet as the WAN. See Figure 2.6 for an example of a DSR deployment. 26 Barracuda Load Balancer Administrator s Guide

27 Figure 2.6: Sample Direct Server Return, one-armed architecture How Direct Server Return works: 1. The request comes to the switch and is passed to the VIP on the Barracuda Load Balancer. 2. A Real Server is selected, and the data frame of the packet is modified to be the MAC address of that Real Server. 3. The packet is then placed back on the network. 4. Normally the Real Server would drop the traffic since it doesn t have the VIP s IP address, but because the VIP is bound to the Real Server s loopback interface, Real Server accepts the packet. 5. When the Real Server responds and sends the traffic back out, the source IP address is the VIP address. DSR with Route-Path or Bridge-Path Direct Server Return in conjunction with Bridge-Path is not recommended. Please contact Technical Support to discuss alternatives if you feel that your corporate network requires this configuration. Load Balancing Deployment Options 27

28 Deploying Direct Server Return Direct Server Return uses a flat network topology at the Layer 2 (Switching) and Layer 3 (IP) levels, which means that the Barracuda Load Balancer, all VIPs, and all Real Servers all must be within the same IP network and connected on the same switch. Figure 2.6 above shows this topology. Each Real Server must be one hop away from the Barracuda Load Balancer, but they use the WAN port. This means their switch must be directly connected into the WAN port of the Load Balancer, or connected to a series of switches that eventually reach the WAN port of the Load Balancer without going through any other networking devices. If you specify Route-Path deployment for the Barracuda Load Balancer, but only use Real Servers with Direct Server Return enabled, the physical LAN port is not used by the Barracuda Load Balancer. On the Basic > Services page, each Real Server listed under each Service must individually be configured for Direct Server Return mode. Edit each Real Server and select Enable for the Direct Server Return option. Deployment Notes When deploying Real Servers in Direct Server Return mode, note the following: The Barracuda Load Balancer needs to have the WAN adapter plugged into the same switch or VLAN as all of the Real Servers. The WAN IP, all VIPs, and all of the Real Servers that use Direct Server Return must be on the same IP subnet. Each Real Server needs to recognize the VIP as a local address. This requires enabling of a non- ARPing virtual adapter such as a loopback adapter and binding it to the VIP address of the loadbalanced Service. Because this is not a true adapter, there should be no gateway defined in the TCP/IP settings for this adapter. Real Servers accepting traffic from multiple VIPs must have a loopback adapter enabled for each VIP. Additionally, the applications on each Real Server must be aware of both the Virtual IP address as well as the real IP addresses. Deployment in a Linux Environment To add a non-arping adapter to a Real Server running Linux, add an alias to the lo (loopback) adapter. The following commands are examples of how to do this for some versions of Linux. Consult your operating system vendor if you need more details about how to add a non-arping loopback adapter. 1. Edit your rc.local file (usually located at /etc/rc.d/rc.local) 2. Add the following to your rc.local file: sysctl -w net.ipv4.conf.lo.arp_ignore=1 sysctl -w net.ipv4.conf.lo.arp_announce=2 sysctl -w net.ipv4.conf.all.arp_ignore=1 sysctl -w net.ipv4.conf.all.arp_announce=2 ifconfig <interface_name> <ip_address> netmask arp up where: 28 Barracuda Load Balancer Administrator s Guide

29 <interface_name> is lo:<number> (e.g. lo:0, lo:1, lo:2) <ip_address> is the Virtual IP Address for the Service For example: ifconfig lo: netmask arp up 3. httpd.conf must have a VirtualHost entry for the VIPs. Edit the file to add these two lines: listen <virtual_ip_address>:80 listen <real_ip_address>:80 where: <virtual_ip_address> is the Virtual IP Address for the Service <real_ip_address> is the actual IP Address for the Real Server 4. To check if the loopback adapter is working, make sure the Real Server is bound to the loopback adapter s IP address. Output from the ifconfig command should show the presence of the loopback adapter. Deployment in a Windows/XP Environment For information on how to add a non-arping adapter in a Windows/XP environment, refer to Or, check the Microsoft Support Site for your operating system. Applications running on Microsoft Real Servers must be configured to accept traffic received on the VIP addresses (the loopback IP addresses). To do this, add the VIP addresses to IIS (Internet Information Services) on each Real Server. The VIP addresses must be listed above the real IP address of the Real Server. Associate the Web site or application with the VIP addresses. Deployment in a Microsoft Windows Server 2003 or 2008 Environment To make servers that are running Microsoft Windows Server 2003 and Windows Server 2008 ready for DSR, there are several steps that you need to do on each server. Table 2.2: Steps to make Microsoft Windows Server 2003 and 2008 ready for DSR DSR in a Microsoft Windows Server 2003 or 2008 Environment Disable the Windows firewall. Enable traffic to the loopback adapter. Install the loopback adapter. Configure the loopback adapter. In particular, stop the loopback adapter from responding to ARP requests. Remember that the loopback adapter has the same IP address as the VIP address. Make the Windows networking stack use the weak host model. This step is required to allow the modified packet to be accepted by Windows Server 2008 servers. If you are using IIS, add the loopback adapter to your site bindings. You need to ensure that the IP address for the loopback adapter is included in the site bindings in IIS. Load Balancing Deployment Options 29

30 These detailed instructions describe how to deploy DSR in a Windows Server 2003 or 2008 environment. Perform these steps for each server. 1. Disable the Windows firewall. For Microsoft Windows Server 2003 and Windows Server 2008 you need to disable the built in firewall or manually change the rules to enable traffic to and from the loopback adapter. By default, the Windows firewall blocks all connections to the loopback adapter. 2. Install the loopback adapter. 2a. For Windows Server 2003: to install the Microsoft loopback adapter refer to This note describes how to install the loopback adapter. Follow the instructions in Method 1. When done, proceed to step 3. 2b. For Windows Server 2008 or Windows Server 2008 R2, follow these instructions to install a loopback adapter on one server: 1. Open Device Manager. On the Start menu, click Run and type devmgmt.msc at the prompt. 2. Right-click on the server name and click Add legacy hardware. 3. When prompted by the wizard, choose to Install the hardware that I manually select from a list (Advanced). 4. Find Network Adapter in the list and click Next. 5. From the listed manufacturers select Microsoft and then Microsoft Loopback Adapter. See Figure Barracuda Load Balancer Administrator s Guide

31 Figure 2.7: Adding a loopback adapter in Windows Server This will add a new network interface to your server. 3. Configure the loopback adapter. After the loopback adapter is installed, follow these steps to configure it: 3a. In Control Panel, double-click Network and Dial up Connections. 3b. Right-click the newly installed loopback adapter and click Properties. 3c. Click to clear the Client for Microsoft Networks check box. 3d. Click to clear the File and Printer Sharing for Microsoft Networks check box. 3e. Click TCP/IP properties. 3f. Enter the VIP address and the subnet mask. 3g. Click Advanced. 3h. Change the Interface Metric to 254. This stops the adapter from responding to ARP requests. 3i. Click OK. 4. Make the Windows networking stack use the weak host model. Load Balancing Deployment Options 31

32 If you are using Windows Server 2003, you can skip to the next step. If you are using Windows Server 2008 or Windows Server 2008 R2, this step tells you how to make the Windows networking stack use the weak host model (which is the same model used in Windows Server 2003). DSR works by modifying the destination MAC address of the incoming traffic to one of the Real Servers behind your VIP. In versions of Windows prior to 2008, the Windows networking stack used a weak host model which allowed the host to receive packets on an interface not assigned as the destination IP address of the packet being received. With Windows Server 2008, Microsoft has implemented a strong host model which breaks the method that DSR uses. Open a command prompt with elevated permissions. To determine the interface ID for both the loopback adapter and the main NIC on the server, type: netsh interface ipv4 show interface Note the IDX for both the main network interface and the loopback adapter you created. If you have not changed the interface names for this server then usually the main NIC will display as Local Area Connection and the loopback adapter will be named Local Area Connection 2. An entry will be displayed that includes the IDX numbers for both your loopback adapter and your Internet facing NIC. For each of these adapters enter these three commands: netsh interface ipv4 set interface <IDX number for Server NIC> weakhostsend=enabled netsh interface ipv4 set interface <IDX number for loopback> weakhostreceive=enabled netsh interface ipv4 set interface <IDX number for loopback> weakhostsend=enabled For example: netsh interface ipv4 set interface 23 weakhostsend=enabled netsh interface ipv4 set interface 24 weakhostreceive=enabled netsh interface ipv4 set interface 24 weakhostsend=enabled To enable these changes, either restart the server or restart the Windows Firewall service on the server. 5. If you are using IIS, add the loopback adapter to your site bindings. By default, IIS includes all interfaces, however, if you have configured a site to be bound to an individual IP address, you need to ensure that the IP address for the loopback adapter (your VIP address) is also included in the site bindings in IIS. Follow these steps to bind the loopback adapter, referring to Figure 2.8: 5a. Open the Internet Information Services (IIS) Manager. 5b. Expand the Sites Folder. 5c. Click Default Web Site or the name of the site you are modifying. 5d. Click Bindings on the Actions panel. 5e. Click Add... and click HTTP or HTTPS in the Type list. Enter the IP address of your loopback adapter and the port. Click OK. 5f. On the Actions panel click Restart under Manage Web Site to ensure the new bindings take effect. 32 Barracuda Load Balancer Administrator s Guide

33 Figure 2.8: Add Site Binding using IIS Verifying DSR Deployment When you are done adding the loopback adapters, try to ping the Real Servers and the VIP, and telnet to the Real Servers. If the ping doesn t work or if in response to the telnet you get a connection refused from the VIP, then the loopback adapter has not been configured correctly. Try to verify that the loopback adapters are non-arping. On either Linux or Windows systems, use the arp -a command. Also, check the systems event logs to check for IP address conflicts. If, later, once the Service is set up, the client tries to connect but is unable to access the application, then the IIS (Windows) or application has not been associated with the real IP address and the VIP. Load Balancing Deployment Options 33

34 34 Barracuda Load Balancer Administrator s Guide

35 Chapter 3 Getting Started This chapter provides instructions for installing the Barracuda Load Balancer. It includes the following topics: Initial Setup A similar process is described in the Barracuda Load Balancer Quick Start Guide. Getting Started 35

36 Initial Setup These are the general steps to set up your Barracuda Load Balancer. For more detailed instructions for each step, see the following reference pages. Preparing for Installation Connecting the Barracuda Load Balancer to the Network Configuring WAN IP Address and Network Settings Configuring Your Corporate Firewall Configuring the Barracuda Load Balancer Updating the Barracuda Load Balancer Firmware Verifying Your Subscription Status Updating the IPS Definitions Preparing for Installation Before installing your Barracuda Load Balancer, complete the following tasks: Decide which type of deployment is most suitable to your network. For more information on the deployment options, see Load Balancer Deployment Options on page 18. Make any necessary changes to your network, according to your chosen method of deployment. Identify the ports used by the services or applications that you want to load-balance. Verify you have the necessary equipment: Barracuda Load Balancer (check that you have received the correct model) AC power cord Ethernet cables Mounting rails and screws VGA monitor (recommended) PS2 keyboard (recommended) 36 Barracuda Load Balancer Administrator s Guide

Barracuda Load Balancer Administrator s Guide

Barracuda Load Balancer Administrator s Guide Barracuda Load Balancer Administrator s Guide Version 3.x Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2010, Barracuda Networks

More information

Barracuda Load Balancer Administrator s Guide

Barracuda Load Balancer Administrator s Guide Barracuda Load Balancer Administrator s Guide Version 2.x Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2008, Barracuda Networks

More information

Barracuda Load Balancer Administrator s Guide

Barracuda Load Balancer Administrator s Guide Barracuda Load Balancer Administrator s Guide Version 2.3 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2008, Barracuda Networks

More information

Barracuda Link Balancer Administrator s Guide

Barracuda Link Balancer Administrator s Guide Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks

More information

Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2. Office Communications Server Overview.

Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2. Office Communications Server Overview. Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2 Organizations can use the Barracuda Load Balancer to enhance the scalability and availability of their Microsoft Office Communications

More information

Barracuda Link Balancer

Barracuda Link Balancer Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503

More information

Appliance Quick Start Guide. v7.6

Appliance Quick Start Guide. v7.6 Appliance Quick Start Guide v7.6 rev. 1.0.7 Copyright 2002 2015 Loadbalancer.org, Inc. Table of Contents Loadbalancer.org Terminology... 4 What is a Virtual IP Address?... 5 What is a Floating IP Address?...

More information

Barracuda Load Balancer Online Demo Guide

Barracuda Load Balancer Online Demo Guide Barracuda Load Balancer Online Demo Guide Rev 1.3 October 04, 2012 Product Introduction The Barracuda Networks Load Balancer provides comprehensive IP load balancing capabilities to any IP-based application,

More information

ClusterLoad ESX Virtual Appliance quick start guide v6.3

ClusterLoad ESX Virtual Appliance quick start guide v6.3 ClusterLoad ESX Virtual Appliance quick start guide v6.3 ClusterLoad terminology...2 What are your objectives?...3 What is the difference between a one-arm and a two-arm configuration?...3 What are the

More information

Microsoft Lync Server Overview

Microsoft Lync Server Overview Organizations can use the to enhance the scalability and availability of their Microsoft Lync Server 2010 deployments (formerly known as Microsoft Office Communications Server). Barracuda Networks has

More information

Barracuda IM Firewall Administrator s Guide

Barracuda IM Firewall Administrator s Guide Barracuda IM Firewall Administrator s Guide Version 3.0 Barracuda Networks Inc. 3175 S. Winchester Blvd Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2007, Barracuda Networks www.barracuda.com

More information

Appliance Quick Start Guide v6.21

Appliance Quick Start Guide v6.21 Appliance Quick Start Guide v6.21 Copyright 2014 Loadbalancer.org, Inc. Table of Contents Loadbalancer.org terminology... 4 What is a virtual IP address?... 4 What is a floating IP address?... 4 What

More information

Remote Desktop Services Overview. Prerequisites. Additional References

Remote Desktop Services Overview. Prerequisites. Additional References Remote Desktop Services Overview Remote Desktop Services allows users to run Microsoft Windows applications on a remote computer running Windows Server 2008 or 2008 R2. All application execution and data

More information

Deploying the Barracuda Load Balancer with Microsoft Exchange Server 2010 Version 2.6. Introduction. Table of Contents

Deploying the Barracuda Load Balancer with Microsoft Exchange Server 2010 Version 2.6. Introduction. Table of Contents Deploying the Barracuda Load Balancer with Microsoft Exchange Server 2010 Version 2.6 Introduction Organizations use the Barracuda Load Balancer to distribute the load and increase the availability of

More information

Barracuda SSL VPN Administrator s Guide

Barracuda SSL VPN Administrator s Guide Barracuda SSL VPN Administrator s Guide Version 1.5.x Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2009, Barracuda Networks,

More information

1. Barracuda Load Balancer - Overview... 4 1.1 What's New in the Barracuda Load Balancer... 5 1.1.1 Barracuda Load Balancer Release Notes

1. Barracuda Load Balancer - Overview... 4 1.1 What's New in the Barracuda Load Balancer... 5 1.1.1 Barracuda Load Balancer Release Notes Barracuda Load Balancer - Overview............................................................................ 4 1 What's New in the Barracuda Load Balancer..................................................................

More information

Appliance Administration Manual. v6.21

Appliance Administration Manual. v6.21 Appliance Administration Manual v6.21 This document covers all required administration information for Loadbalancer.org appliances Copyright 2014 Loadbalancer.org, Inc. Table of Contents Section A Introduction...7

More information

Availability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013

Availability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013 the Availability Digest Redundant Load Balancing for High Availability July 2013 A large data center can comprise hundreds or thousands of servers. These servers must not only be interconnected, but they

More information

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK Barracuda Networks Technical Documentation Barracuda SSL VPN Administrator s Guide Version 2.x RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks, Inc. www.barracuda.com v20-110511w-02-110915jc

More information

Barracuda Web Filter Administrator s Guide

Barracuda Web Filter Administrator s Guide Barracuda Web Filter Administrator s Guide Version 3.3 Barracuda Networks Inc. 3175 S. WInchester Blvd Campbell, CA 95008 http://www.barracuda.com 1 Copyright Notice Copyright 2004-2008, Barracuda Networks

More information

Load Balancing. Outlook Web Access. Web Mail Using Equalizer

Load Balancing. Outlook Web Access. Web Mail Using Equalizer Load Balancing Outlook Web Access Web Mail Using Equalizer Copyright 2009 Coyote Point Systems, Inc. Printed in the USA. Publication Date: January 2009 Equalizer is a trademark of Coyote Point Systems

More information

Appliance Quick Start Guide v8.1

Appliance Quick Start Guide v8.1 Appliance Quick Start Guide v8.1 rev. 1.0.0 Copyright 2002 2016 Loadbalancer.org, Inc Table of Contents About this Guide... 5 About the Appliance... 5 Appliance Configuration Overview... 5 Appliance Security...

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

Loadbalancer.org. Loadbalancer.org appliance quick setup guide. v6.6

Loadbalancer.org. Loadbalancer.org appliance quick setup guide. v6.6 Loadbalancer.org Loadbalancer.org appliance quick setup guide v6.6 1 Confidentiality Statement All information contained in this proposal is provided in confidence for the sole purpose of adjudication

More information

Server configuration for layer 4 DSR mode

Server configuration for layer 4 DSR mode ALOHA Load-Balancer - Application Note Document version: v1.1 Last update: 4th March 2014 EMEA Headquarters 3, rue du petit robinson ZAC des Metz 78350 Jouy-en-Josas France http://www.haproxy.com/ Purpose

More information

Appliance Quick Start Guide v6.21

Appliance Quick Start Guide v6.21 Appliance Quick Start Guide v6.21 Copyright 2014 Loadbalancer.org, Inc. Table of Contents Loadbalancer.org terminology... 4 What is a virtual IP address?... 4 What is a floating IP address?... 4 What are

More information

Load Balancing Microsoft Terminal Services. Deployment Guide

Load Balancing Microsoft Terminal Services. Deployment Guide Load Balancing Microsoft Terminal Services Deployment Guide rev. 1.5.7 Copyright 2002 2016 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Loadbalancer.org Appliances Supported... 4 Loadbalancer.org

More information

Networking and High Availability

Networking and High Availability TECHNICAL BRIEF Networking and High Availability Deployment Note Imperva appliances support a broad array of deployment options, enabling seamless integration into any data center environment. can be configured

More information

Barracuda Web Filter Administrator s Guide

Barracuda Web Filter Administrator s Guide Barracuda Web Filter Administrator s Guide Version 4.x Barracuda Networks Inc. 3175 S. WInchester Blvd Campbell, CA 95008 http://www.barracuda.com 1 Copyright Notice Copyright 2004-2010, Barracuda Networks

More information

Appliance Administration Manual. v7.2

Appliance Administration Manual. v7.2 Appliance Administration Manual v7.2 This document covers all required administration information for Loadbalancer.org appliances Copyright 2002-2011 Loadbalancer.org, Inc. 1 Table of Contents Section

More information

Microsoft Terminal Services / Remote Desktop Services Deployment Guide

Microsoft Terminal Services / Remote Desktop Services Deployment Guide Microsoft Terminal Services / Remote Desktop Services Deployment Guide v1.3.7 Copyright 2013 Loadbalancer.org, Inc. load balancing microsoft terminal services load balancing terminal services load balancing

More information

Appliance Quick Start Guide. v7.6

Appliance Quick Start Guide. v7.6 Appliance Quick Start Guide v7.6 rev. 1.0.7 Copyright 2002 2015 Loadbalancer.org, Inc. Table of Contents Loadbalancer.org Terminology... 4 What is a Virtual IP Address?... 5 What is a Floating IP Address?...

More information

Microsoft Internet Information Services (IIS) Deployment Guide

Microsoft Internet Information Services (IIS) Deployment Guide Microsoft Internet Information Services (IIS) Deployment Guide v1.2.9 Copyright 2013 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft IIS Software Versions

More information

Networking and High Availability

Networking and High Availability yeah SecureSphere Deployment Note Networking and High Availability Imperva SecureSphere appliances support a broad array of deployment options, enabling seamless integration into any data center environment.

More information

Barracuda Message Archiver Administrator s Guide

Barracuda Message Archiver Administrator s Guide Barracuda Message Archiver Administrator s Guide Version 1.x Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2008, Barracuda

More information

Deploying Windows Streaming Media Servers NLB Cluster and metasan

Deploying Windows Streaming Media Servers NLB Cluster and metasan Deploying Windows Streaming Media Servers NLB Cluster and metasan Introduction...................................................... 2 Objectives.......................................................

More information

Load Balancing Microsoft Remote Desktop Services. Deployment Guide

Load Balancing Microsoft Remote Desktop Services. Deployment Guide Load Balancing Microsoft Remote Desktop Services Deployment Guide rev. 1.0.5 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft Windows

More information

1 You will need the following items to get started:

1 You will need the following items to get started: QUICKSTART GUIDE 1 Getting Started You will need the following items to get started: A desktop or laptop computer Two ethernet cables (one ethernet cable is shipped with the _ Blocker, and you must provide

More information

1. _Inclusions Library... 4 1.1 _Inclusions Content... 4 2. Barracuda Load Balancer ADC - Overview... 4 2.1 Deployment... 4 2.1.

1. _Inclusions Library... 4 1.1 _Inclusions Content... 4 2. Barracuda Load Balancer ADC - Overview... 4 2.1 Deployment... 4 2.1. _Inclusions Library........................................................................................... 4 1 _Inclusions Contt......................................................................................

More information

5 Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance

5 Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance 5 Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance DEPLOYMENT GUIDE Prepared by: Jim Puchbauer Coyote Point Systems Inc. The idea of load balancing

More information

SSL-VPN 200 Getting Started Guide

SSL-VPN 200 Getting Started Guide Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN

More information

Overview of WebMux Load Balancer and Live Communications Server 2005

Overview of WebMux Load Balancer and Live Communications Server 2005 AVANU Load Balancing for Microsoft Office Live Communications Server 2005 WebMux Delivers Improved Reliability, Availability and Scalability Overview of WebMux Load Balancer and Live Communications Server

More information

GlobalSCAPE DMZ Gateway, v1. User Guide

GlobalSCAPE DMZ Gateway, v1. User Guide GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical

More information

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN

More information

Citrix NetScaler 10 Essentials and Networking

Citrix NetScaler 10 Essentials and Networking Citrix NetScaler 10 Essentials and Networking CNS205 Rev 04.13 5 days Description The objective of the Citrix NetScaler 10 Essentials and Networking course is to provide the foundational concepts and advanced

More information

Broadband Phone Gateway BPG510 Technical Users Guide

Broadband Phone Gateway BPG510 Technical Users Guide Broadband Phone Gateway BPG510 Technical Users Guide (Firmware version 0.14.1 and later) Revision 1.0 2006, 8x8 Inc. Table of Contents About your Broadband Phone Gateway (BPG510)... 4 Opening the BPG510's

More information

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with

More information

QUICK START GUIDE. Cisco C170 Email Security Appliance

QUICK START GUIDE. Cisco C170 Email Security Appliance 1 0 0 1 QUICK START GUIDE Email Security Appliance Cisco C170 303357 Cisco C170 Email Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance

More information

Load Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways. Deployment Guide

Load Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways. Deployment Guide Load Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways Deployment Guide rev. 1.4.9 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Appliances

More information

nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances 2006 nappliance Networks, Inc.

nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances 2006 nappliance Networks, Inc. nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances The information contained in this document represents the current view of Microsoft Corporation on the issues discussed

More information

Load Balancing Trend Micro InterScan Web Gateway

Load Balancing Trend Micro InterScan Web Gateway Load Balancing Trend Micro InterScan Web Gateway Deployment Guide rev. 1.1.7 Copyright 2002 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Loadbalancer.org Appliances Supported...

More information

Load Balancing for Microsoft Office Communication Server 2007 Release 2

Load Balancing for Microsoft Office Communication Server 2007 Release 2 Load Balancing for Microsoft Office Communication Server 2007 Release 2 A Dell and F5 Networks Technical White Paper End-to-End Solutions Team Dell Product Group Enterprise Dell/F5 Partner Team F5 Networks

More information

Load Balancing McAfee Web Gateway. Deployment Guide

Load Balancing McAfee Web Gateway. Deployment Guide Load Balancing McAfee Web Gateway Deployment Guide rev. 1.1.4 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org

More information

Installing and Using the vnios Trial

Installing and Using the vnios Trial Installing and Using the vnios Trial The vnios Trial is a software package designed for efficient evaluation of the Infoblox vnios appliance platform. Providing the complete suite of DNS, DHCP and IPAM

More information

Coyote Point Systems White Paper

Coyote Point Systems White Paper Five Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance. Coyote Point Systems White Paper Load Balancing Guide for Application Server Administrators

More information

Chapter 8 Router and Network Management

Chapter 8 Router and Network Management Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by

More information

SuperLumin Nemesis. Administration Guide. February 2011

SuperLumin Nemesis. Administration Guide. February 2011 SuperLumin Nemesis Administration Guide February 2011 SuperLumin Nemesis Legal Notices Information contained in this document is believed to be accurate and reliable. However, SuperLumin assumes no responsibility

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

F-SECURE MESSAGING SECURITY GATEWAY

F-SECURE MESSAGING SECURITY GATEWAY F-SECURE MESSAGING SECURITY GATEWAY DEFAULT SETUP GUIDE This guide describes how to set up and configure the F-Secure Messaging Security Gateway appliance in a basic e-mail server environment. AN EXAMPLE

More information

Chapter 15: Advanced Networks

Chapter 15: Advanced Networks Chapter 15: Advanced Networks IT Essentials: PC Hardware and Software v4.0 1 Determine a Network Topology A site survey is a physical inspection of the building that will help determine a basic logical

More information

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner

More information

Basic Network Configuration

Basic Network Configuration Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the

More information

Load Balancing Microsoft Exchange 2016. Deployment Guide

Load Balancing Microsoft Exchange 2016. Deployment Guide Load Balancing Microsoft Exchange 2016 Deployment Guide rev. 1.0.1 Copyright 2002 2016 Loadbalancer.org, Inc. Table of Contents About this Guide... 4 Loadbalancer.org Appliances Supported... 4 Loadbalancer.org

More information

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

Load Balancing Barracuda Web Filter. Deployment Guide

Load Balancing Barracuda Web Filter. Deployment Guide Load Balancing Barracuda Web Filter Deployment Guide rev. 1.1.4 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org

More information

Smoothwall Web Filter Deployment Guide

Smoothwall Web Filter Deployment Guide Smoothwall Web Filter Deployment Guide v1.0.7 Copyright 2013 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org Software Versions

More information

Version. Barracuda Spam Firewall Administrator s Guide

Version. Barracuda Spam Firewall Administrator s Guide Version Barracuda Spam Firewall Administrator s Guide Barracuda Networks Inc. 385 Ravendale Drive Mountain View, CA 94043 http://www.barracudanetworks.com 1 Copyright Notice Copyright 2005, Barracuda Networks

More information

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Legal Notice Copyright 2006 Symantec Corporation. All rights reserved. Federal acquisitions: Commercial Software - Government

More information

ExamPDF. Higher Quality,Better service!

ExamPDF. Higher Quality,Better service! ExamPDF Higher Quality,Better service! Q&A Exam : 1Y0-A21 Title : Basic Administration for Citrix NetScaler 9.2 Version : Demo 1 / 5 1.Scenario: An administrator is working with a Citrix consultant to

More information

Load Balancing Bloxx Web Filter. Deployment Guide

Load Balancing Bloxx Web Filter. Deployment Guide Load Balancing Bloxx Web Filter Deployment Guide rev. 1.1.8 Copyright 2002 2016 Loadbalancer.org, Inc. 1 Table of Contents About this Guide...4 Loadbalancer.org Appliances Supported...4 Loadbalancer.org

More information

Kaseya Server Instal ation User Guide June 6, 2008

Kaseya Server Instal ation User Guide June 6, 2008 Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Building a Scale-Out SQL Server 2008 Reporting Services Farm

Building a Scale-Out SQL Server 2008 Reporting Services Farm Building a Scale-Out SQL Server 2008 Reporting Services Farm This white paper discusses the steps to configure a scale-out SQL Server 2008 R2 Reporting Services farm environment running on Windows Server

More information

How to Open HTTP or HTTPS traffic to a webserver behind the NetVanta 2000 Series unit (Enhanced OS)

How to Open HTTP or HTTPS traffic to a webserver behind the NetVanta 2000 Series unit (Enhanced OS) NetVanta 2000 Series Technical Note How to Open HTTP or HTTPS traffic to a webserver behind the NetVanta 2000 Series unit (Enhanced OS) This document is applicable to NetVanta 2600 series, 2700 series,

More information

Configuring Citrix NetScaler for IBM WebSphere Application Services

Configuring Citrix NetScaler for IBM WebSphere Application Services White Paper Configuring Citrix NetScaler for IBM WebSphere Application Services A deployment guide for configuring NetScaler load balancing and content switching When deploying IBM WebSphere Application

More information

Broadband Router ESG-103. User s Guide

Broadband Router ESG-103. User s Guide Broadband Router ESG-103 User s Guide FCC Warning This equipment has been tested and found to comply with the limits for Class A & Class B digital device, pursuant to Part 15 of the FCC rules. These limits

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Introducing the BIG-IP and Check Point VPN-1/FireWall-1 LB, HALB, VPN, and ELA configurations Configuring the BIG-IP and Check Point FireWall-1

More information

Basic & Advanced Administration for Citrix NetScaler 9.2

Basic & Advanced Administration for Citrix NetScaler 9.2 Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios

More information

Multi-Homing Dual WAN Firewall Router

Multi-Homing Dual WAN Firewall Router Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet

More information

Guideline for setting up a functional VPN

Guideline for setting up a functional VPN Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the

More information

3.1 RS-232/422/485 Pinout:PORT1-4(RJ-45) RJ-45 RS-232 RS-422 RS-485 PIN1 TXD PIN2 RXD PIN3 GND PIN4 PIN5 T+ 485+ PIN6 T- 485- PIN7 R+ PIN8 R-

3.1 RS-232/422/485 Pinout:PORT1-4(RJ-45) RJ-45 RS-232 RS-422 RS-485 PIN1 TXD PIN2 RXD PIN3 GND PIN4 PIN5 T+ 485+ PIN6 T- 485- PIN7 R+ PIN8 R- MODEL ATC-2004 TCP/IP TO RS-232/422/485 CONVERTER User s Manual 1.1 Introduction The ATC-2004 is a 4 Port RS232/RS485 to TCP/IP converter integrated with a robust system and network management features

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide Symantec Database Security and Audit 3100 Series Appliance Getting Started Guide Symantec Database Security and Audit 3100 Series Getting Started Guide The software described in this book is furnished

More information

CounterACT 7.0 Single CounterACT Appliance

CounterACT 7.0 Single CounterACT Appliance CounterACT 7.0 Single CounterACT Appliance Quick Installation Guide Table of Contents Welcome to CounterACT Version 7.0....3 Included in your CounterACT Package....3 Overview...4 1. Create a Deployment

More information

Barracuda Spam Firewall User s Guide

Barracuda Spam Firewall User s Guide Barracuda Spam Firewall User s Guide 1 Copyright Copyright 2004, Barracuda Networks www.barracudanetworks.com All rights reserved. Use of this product and this manual is subject to license. Information

More information

User s Manual TCP/IP TO RS-232/422/485 CONVERTER. 1.1 Introduction. 1.2 Main features. Dynamic DNS

User s Manual TCP/IP TO RS-232/422/485 CONVERTER. 1.1 Introduction. 1.2 Main features. Dynamic DNS MODEL ATC-2000 TCP/IP TO RS-232/422/485 CONVERTER User s Manual 1.1 Introduction The ATC-2000 is a RS232/RS485 to TCP/IP converter integrated with a robust system and network management features designed

More information

Load Balancing Sophos Web Gateway. Deployment Guide

Load Balancing Sophos Web Gateway. Deployment Guide Load Balancing Sophos Web Gateway Deployment Guide rev. 1.0.9 Copyright 2002 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide...3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org

More information

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003 Contents Introduction... 1 Network Load Balancing... 2 Example Environment... 5 Microsoft Network Load Balancing (Configuration)... 6 Validating your NLB configuration... 13 MailMarshal Specific Configuration...

More information

Barracuda Web Application Firewall

Barracuda Web Application Firewall Barracuda Networks Technical Documentation Barracuda Web Application Firewall Administrator s Guide Version 7.6 RECLAIM YOUR NETWORK Copyright Notice Copyright (c) 2004-2011, Barracuda Networks, Inc.,

More information

1.0 Basic Principles of TCP/IP Network Communications

1.0 Basic Principles of TCP/IP Network Communications Section 1 Basic Principles of TCP/IP Network Communications Section 2 Introduction to Doors NetXtreme Section 3 Common Connection Issues Section 4 Common Causes Section 5 Tools Section 6 Contact Keri Systems

More information

DEPLOYMENT GUIDE Version 1.1. Deploying F5 with Oracle Application Server 10g

DEPLOYMENT GUIDE Version 1.1. Deploying F5 with Oracle Application Server 10g DEPLOYMENT GUIDE Version 1.1 Deploying F5 with Oracle Application Server 10g Table of Contents Table of Contents Introducing the F5 and Oracle 10g configuration Prerequisites and configuration notes...1-1

More information

Load Balancing Microsoft IIS. Deployment Guide

Load Balancing Microsoft IIS. Deployment Guide Load Balancing Microsoft IIS Deployment Guide rev. 1.4.2 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft IIS Software Versions Supported...

More information

Load Balancer LB-2. User s Guide

Load Balancer LB-2. User s Guide Load Balancer LB-2 User s Guide TABLE OF CONTENTS 1: INTRODUCTION...1 Internet Features...1 Other Features...3 Package Contents...4 Physical Details...4 2: BASIC SETUP...8 Overview...8 Procedure...8 3:

More information

AppDirector Load balancing IBM Websphere and AppXcel

AppDirector Load balancing IBM Websphere and AppXcel TESTING & INTEGRATION GROUP SOLUTION GUIDE AppDirector Load balancing IBM Websphere and AppXcel INTRODUCTION...2 RADWARE APPDIRECTOR...3 RADWARE APPXCEL...3 IBM WEBSPHERE...4 SOLUTION DETAILS...4 HOW IT

More information

Load Balancing Clearswift Secure Web Gateway

Load Balancing Clearswift Secure Web Gateway Load Balancing Clearswift Secure Web Gateway Deployment Guide rev. 1.1.8 Copyright 2002 2016 Loadbalancer.org, Inc. 1 Table of Contents About this Guide...3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org

More information

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9

More information

SonicOS Enhanced 4.0: NAT Load Balancing

SonicOS Enhanced 4.0: NAT Load Balancing SonicOS Enhanced 4.0: NAT Load Balancing This document describes how to configure the Network Address Translation (NAT) & Load Balancing (LB) features in SonicOS Enhanced 4.0. Feature Overview, page 1

More information

NEFSIS DEDICATED SERVER

NEFSIS DEDICATED SERVER NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis

More information