Microsoft Internet Information Services (IIS) Deployment Guide
|
|
- Blaze Johns
- 8 years ago
- Views:
Transcription
1 Microsoft Internet Information Services (IIS) Deployment Guide v1.2.9 Copyright 2013 Loadbalancer.org, Inc. 1
2 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft IIS Software Versions Supported... 4 Loadbalancer.org Software Versions Supported... 4 Microsoft Internet Information Services (IIS)... 5 Load Balancing IIS... 5 The Basics... 5 Sharing the Load... 5 Providing Resilience... 5 IIS Server Health-checks... 5 Ports & Protocols... 5 SSL & Certificates... 6 Persistence (aka Server Affinity)... 6 Deployment Architecture... 7 Load Balancer Deployment Methods... 8 Layer DR Mode (aka Direct Server Return)... 8 Network Address Translation (NAT Mode)...9 Layer Source Network Address Translation (HAProxy)...10 Loadbalancer.org Recommended Method Loadbalancer.org Appliance the Basics Network Configuration Accessing the Web User Interface (WUI) Clustered Pair Configuration Implementing IIS using Layer 4 DR Mode Overview Load Balancer Configuration Configure the Network Interface Configure the Virtual Server/Service (VIP) Configure the Real Servers (RIPs) IIS Server Configuration Solve the 'ARP Problem' Configure IIS Bindings DR Mode Key Points Implementing IIS using Layer 4 NAT Mode Overview Load Balancer Configuration Configure the Network Interfaces Configure the Virtual Server / Service (VIP) Configure the Real Servers (RIPs) IIS Server Configuration Default Gateway NAT Mode Key Points Implementing IIS using Layer 7 SNAT (HAProxy) Mode...28 Overview Load Balancer Configuration (single-arm example)...28 Configure the Network Interface Configure the Virtual Server / Service (VIP) Configure the Real Servers (RIPs)
3 IIS Server Configuration HAProxy Key Points Additional Configuration Options & Settings SSL Certificates Installed on the IIS Servers Installed on the Load balancer (aka SSL off-loading)...36 Grouping Multiple Ports on a Single Virtual Service (VIP)...43 Layer 4 Using Firewall Marks Layer 7 By Defining Multiple Ports Real Server (IIS) Health Checks Layer Layer Using Server Feedback Agents Layer Load Balancer Transparency Layer 4 DR & NAT Mode Layer 7 TProxy Layer 7 X-Forwarded-For Headers Testing & Validation Monitoring Layer Layer Technical Support Conclusion Appendix Clustered Pair Configuration Adding a Slave Unit Company Contact Information
4 About this Guide This guide details the configuration of Loadbalancer.org appliances for deployment with Microsoft Internet Information Services (IIS). For an introduction on setting up the appliance as well as more technical information, please also refer to our quick-start guides and full administration manuals which are available at the following links: Version 7.x Quickstart guide: Administration manual: Version 6.x Quickstart guide: Administration manual: Appliances Supported All our products can be used with IIS. The complete list of models is shown below: Enterprise R16 Enterprise Enterprise MAX Enterprise 10G Enterprise VA Enterprise VA R16 For a full specification comparison of these models please refer to: Microsoft IIS Software Versions Supported Microsoft IIS all versions Loadbalancer.org Software Versions Supported v7.3.2 and later v6.15 and later 4
5 Microsoft Internet Information Services (IIS) IIS is one of the components of Microsoft Windows and is Microsoft's implementation of a web server. The protocols supported include HTTP, HTTPS, FTP, FTPS, SMTP & NNTP. The latest release is v8.0 which is part of Windows IIS 8.0 is built on an open and modular architecture that allows users to customize and add new features through various IIS Extensions. It's estimated that around 25% of all websites utilize IIS. Load Balancing IIS The Basics Sharing the Load The primary function of the load balancer is to distribute inbound requests across multiple IIS servers. This allows administrators to configure multiple servers and easily share the load between them. A Virtual Server/Service (VIP) is configured on the load balancer and the related IIS servers are then defined. Clients then connect to the VIP rather than individual IIS servers. Incoming requests are then distributed to the IIS servers based on the algorithm selected (e.g. round robin, least connection). Adding additional capacity as demand grows then becomes straight forward and can be achieved by simply associating additional IIS servers to the Virtual Server/Service. NOTE: Prior to v7.5 a VIP is known as a 'Virtual Server', from v7.5 onwards it's known as a 'Virtual Service'. Providing Resilience Typically, two appliances are deployed. This ensures that a single point of failure is not introduced. A heartbeat signal between the pair is used to ensure that should the active unit fail, the passive unit takes over. IIS Server Health-checks Regular IIS server monitoring ensures that failed servers are marked as down and client requests are only directed to functional servers. Ports & Protocols The following table shows the ports that are normally used with IIS for web based applications using HTTP and HTTPS: 80 HTTP Protocol 443 HTTPS Protocol 5
6 SSL & Certificates For secure websites & web pages, SSL is used. This ensures that data is encrypted between client and server. SSL certificates can be installed on the load balancer (aka SSL off-loading) or on the IIS servers. When terminating SSL on the load balancer, it's important to consider that data is not secured between the load balancer and the back-end IIS servers and is transmitted unencrypted. For more details see p NOTE: SSL termination on the load balancer can be very CPU intensive. In most cases, for a scalable solution, terminating SSL on the IIS servers is the best option. Persistence (aka Server Affinity) Ideally, persistence should be considered at the start of any IIS project. A database is typically used to maintain session information. This information is then available to all IIS servers so that whenever a user connects, any previous session details can be accessed. If this structure is not in place, persistence can be implemented on the load balancer. For HTTP, this can be either based on source IP address or cookies, both methods ensure that repeated connections from a particular client within a session are always sent to the same back-end IIS server. 6
7 Deployment Architecture The following diagram provides a simply illustration to indicate how the load balancer is deployed with multiple IIS servers. client requests IIS 1 Load Balancer VIP (single unit or clustered pair) IIS 2 The load balancer can be deployed as a single unit, although Loadbalancer.org strongly recommends a clustered pair for resilience & high availability. 7
8 Load Balancer Deployment Methods Various deployment methods are supported. Each method is explained in the following sections. Layer 4 DR Mode (aka Direct Server Return) The one-arm direct routing (DR) mode offers the highest performance. Direct routing works by changing the destination MAC address of the incoming packet on the fly which is very fast When packets reach the IIS servers, their destination address is the VIP (i.e. the Virtual Server/Service). This means that each IIS server must be configured to respond to both its own IP address and the VIP address. Additionally, each IIS server must also be configured so it does not respond to ARP requests for the VIP (the load balancer must respond to these requests). This is known as 'solving the ARP problem'. This requires a loopback adapter to be installed and configured on each IIS server and additionally for Windows 2008 & 2012, the strong/weak host behavior must also be configured using a series of netsh commands Load balanced services can be configured directly on the interface (normally eth0) with no additional IP address. However, when using a clustered pair all load balanced virtual services must be configured on a floating IP to enable failover & failback between master & slave The Virtual Server/Service and IIS servers must be in the same switch fabric / logical network. They can be on different subnets, provided there are no router hops between them. If multiple subnets are used, an IP address in each subnet must be defined on the load balancer Port translation is not possible in DR mode i.e. having a different IIS server port to the Virtual Server/Service port DR mode is transparent, i.e. the IIS servers will log the source IP address of the client Administration of the load balancer is via any active IP address (on port 9080) 8
9 Network Address Translation (NAT Mode) Sometimes it's not possible to use DR mode. The two most common reasons being: if the application cannot bind to the RIP & VIP at the same time; or if the host operating system cannot be modified to handle the ARP problem. The second choice is Network Address Translation (NAT) mode. This is also a high performance solution but it requires the implementation of a two arm infrastructure with an internal and external subnet to carry out the translation (the same way a firewall works). In two-arm NAT mode the load balancer translates all requests from the external Virtual Server/Service to the internal IIS servers Normally eth0 is used for the internal network and eth1 is used for the external network although this is not mandatory. If the IIS Servers require Internet access, Autonat should be enabled using the WUI option: Edit Configuration > Layer 4 Advanced Configuration (prior to v7.5 the option is: Edit Configuration > Layer 4 Advanced Configuration), select the external interface When the wizard is used, the IIS Servers are automatically given access to the Internet through the load balancer (via Auto-NAT) The IIS servers must have their default gateway configured to point at the load balancer. When master & slave units are used, a floating IP must be used to enable failover Load balanced services can be configured directly on the interface (normally eth0) with no additional IP address. However, when using a clustered pair all load balanced virtual services must be configured on a floating IP to enable failover & failback between master & slave Normally the Virtual Server/Service and IIS servers should be located on different subnets within the same logical network (i.e. no router hops) and the load balancer should have an IP address in each subnet. N.B. It is possible to have IIS servers and Virtual Services in the same subnet please search for 'One-Arm (Single Subnet) NAT Mode' in the administration manual. N.B. It is possible to have the IIS servers located on routed subnets, but this would require a customized routing configuration on the IIS servers and is not recommended If you want the IIS servers to be accessible on their own IP address for non-load balanced services, e.g. SMTP or RDP, you will need to setup individual SNAT and DNAT firewall script rules for each IIS server. Please search for 'Enabling Access to non Load-Balanced Services' in the administration manual for more details NAT mode is transparent, i.e. the IIS servers will see the source IP address of the client Port translation is possible in NAT mode, i.e. VIP:80 RIP8080 is allowed 9
10 Layer 7 Source Network Address Translation (HAProxy) This mode supports both one-arm and two-arm configurations and has the advantage that no changes are required to the IIS servers. However, as the load balancer is acting as a full proxy it doesn't have the same raw throughput as the layer 4 routing based methods. The network diagram for the Layer 7 HAProxy SNAT mode is very similar to the Direct Routing example except that no re-configuration of the IIS servers is required. The load balancer proxies the application traffic to the servers so that the source of all traffic is the load balancer. As with other modes a single unit does not require a Floating IP, although it is recommended to make adding a slave unit easier SNAT is a full proxy and therefore load balanced IIS servers do not need to be changed in any way Because SNAT is a full proxy any server in the cluster can be on any accessible subnet including across the Internet or WAN SNAT is not transparent by default, i.e. the IIS servers will not see the source IP address of the client, they will see the load balancers IP address. If required, this can be solved by either enabling TProxy on the load balancer, or for HTTP, using X-forwarded-For headers. Details of both can be found on page 51. Loadbalancer.org Recommended Method Where possible, Loadbalancer.org recommends that Layer 4 Direct Routing (DR) mode is used. DR mode provides the best possible performance with minimal change to your existing infrastructure. Ultimately, the final choice will depend on your specific requirements and infrastructure. 10
11 Loadbalancer.org Appliance the Basics Network Configuration The IP address, default gateway and DNS settings can be configured in several ways depending on the version as detailed below. v7.5 & Later Configure the IP address, Default Gateway & DNS Settings Using the Network Setup Wizard at the console: After boot, follow the console instructions to configure the IP address, gateway and DNS settings.. Using the WUI: Using a browser, connect to the WUI on the default IP address/port: to set the IP address use: Local Configuration > Network Interface Configuration to set the default gateway use: Local Configuration > Routing to configure DNS settings use: Local Configuration > Hostname & DNS Using Linux commands: At the console, set the initial IP address using the following command: ip addr add <IP address>/<mask> dev eth0 e.g. ip addr add /24 dev eth0 At the console, set the initial default gateway using the following command: route add default gw <IP address> <interface> e.g. route add default gw eth0 At the console, set the DNS server using the following command: echo nameserver <IP address> >> /etc/resolv.conf e.g. echo nameserver >> /etc/resolv.conf N.B. If this method is used, you must also configure these settings using the WUI, otherwise settings will be lost after a reboot v7.3.2 v7.4.3 Configure the IP address & Default Gateway Using the Network Setup Wizard at the console: After boot, follow the console instructions to configure the IP address and gateway using the Network Setup Wizard. N.B. For these software versions the network setup wizard does not support DNS server configuration. DNS servers must be defined using the WUI or Linux commands as explained below. 11
12 Configure the IP address, Default Gateway & DNS Settings Using the WUI: Using a browser, connect to the WUI on the default IP address:port: to set the IP address use: Edit Configuration > Network Interface Configuration to set the default gateway use: Edit Configuration > Routing to configure DNS settings use: Edit Configuration > Hostname & DNS Using Linux commands: At the console, set the initial IP address using the following command: ip addr add <IP address>/<mask> dev eth0 e.g. ip addr add /24 dev eth0 At the console, set the initial default gateway using the following command: route add default gw <IP address> <interface> e.g. route add default gw eth0 At the console, set the DNS server using the following command: echo nameserver <IP address> >> /etc/resolv.conf e.g. echo nameserver >> /etc/resolv.conf N.B. If this method is used, you must also configure these settings using the WUI, otherwise settings will be lost after a reboot v6.x Configure the IP address, Default Gateway & DNS Settings Using the WUI: Using a browser, connect to the WUI on the default IP address:port: to set the IP address & default gateway use: Edit Configuration > Network Interface Configuration to configure DNS settings use: Edit Configuration > DNS & Hostname N.B. The Virtual Appliance attempts to use DHCP to obtain its initial IP address, default gateway and DNS settings. The IP address allocated will be displayed on the console once the boot process is complete Using Linux commands: At the console, set the initial IP address using the following command: ifconfig eth0 <IP address> netmask <netmask> up e.g. ifconfig eth netmask up At the console, set the initial default gateway using the following command: route add default gw <IP address> <interface> e.g. route add default gw eth0 At the console, set the DNS server using the following command: echo nameserver <IP address> >> /etc/resolv.conf e.g. echo nameserver >> /etc/resolv.conf N.B. If this method is used, you must also configure these settings using the WUI, otherwise settings will be lost after a reboot 12
13 Accessing the Web User Interface (WUI) The WUI can be accessed from a browser at: * Note the port number 9080 (replace with the IP address of your load balancer if changed from the default) Username: loadbalancer Password: loadbalancer Once you have entered the logon credentials the Loadbalancer.org Web User Interface will be displayed as shown below: v7.x The screen shot below shows the V7.5 WUI once logged in: 13
14 v6.x The screen shot below shows the V6.21 WUI once logged in: Clustered Pair Configuration Loadbalancer.org recommend that load balancer appliances are deployed in pairs for high availability. In this guide single units are deployed first, adding a secondary slave unit is covered in the Appendix. NOTE: It's highly recommended that you have a working IIS environment first before implementing the load balancer. N.B. The steps presented in the following sections cover versions v6.x, v7.3.2 thru v7.4.3 and v7.5 & later of the Appliance. 14
15 Implementing IIS using Layer 4 DR Mode Overview Configure the Network Interface A single Interface is needed, eth0 is normally used Configure the Virtual Server/Service (VIP) All IIS servers are accessed via this IP address Configure the Real Servers (RIPs) Define the servers that make up the IIS cluster Configure the IIS Servers In DR mode, the 'ARP Problem' must be solved on each IIS server Load Balancer Configuration Configure the Network Interface One interface is required. Pages 11 & 12 of this guide covers the various methods available to configure network settings for both v6.x and v7.x. Configure the Virtual Server/Service (VIP) v7.x NOTE: Prior to v7.5 a VIP is known as a 'Virtual Server', from v7.5 onwards it's known as a 'Virtual Service'. For simplicity the example configuration steps below refer to 'Virtual Service' in all cases. v7.5 & later Go to Cluster Configuration > Layer 4 Virtual Services and click [Add a New Virtual Service] v7.3.2 v7.4.3 Go to Edit Configuration > Layer 4 Virtual Server and click [Add a New Virtual Server] Enter the following details: 15
16 Enter an appropriate name (Label) for the VIP, e.g. IIS-Cluster Set the Virtual Service IP address field to the required IP address, e.g Set the Virtual Service Ports field to 80 Ensure that Forwarding Method is set to Direct Routing If required, change Persistent to Yes Click Update Now click [Modify] next to the newly created Virtual Service Set Balance Mode (the load balancing algorithm) according to your needs Click Update v6.x Go to Edit Configuration > Virtual Server and click [Add a new Virtual Server] Enter an appropriate name (Label) for the Virtual Server, e.g. IIS-Cluster Enter the following details: Change the Virtual Server (ipaddress:port) field to <the required IP>:80, e.g :80 If required, change Persistent to Yes Click Update Now click [Modify] next to the newly created Virtual Server Set Scheduler (the load balancing algorithm) according to your needs Ensure that Forwarding Method is set to DR Click Update 16
17 Configure the Real Servers (RIPs) v7.x v7.5 & later Go to Cluster Configuration > Layer 4 Real Servers and click [Add a New Real Server] next to the newly created Virtual Service v7.3.2 v7.4.3 Go to Edit Configuration > Layer 4 Real Servers and click [Add a new Real Server] next to the newly created Virtual Server Enter the following details: Enter an appropriate name (Label) for the first IIS server, e.g. IIS1 Change the Real Server IP Address field to the required IP address (e.g ) Click Update Repeat the above steps for your other IIS server(s) The configured Real Servers: 17
18 v6.x Using the WUI, go to Edit Configuration > Real Servers and click [Add a new Real Server] next to the newly created VIP Enter the following details: Enter an appropriate name (Label) for the first IIS server, e.g. IIS-1 Change the Real Server (ipaddress:port) field to <the required IP>:80, e.g :80 Click Update Repeat the above steps for your other IIS server(s) The configured Real Servers: 18
19 IIS Server Configuration Solve the 'ARP Problem' As mentioned previously, DR mode works by changing the MAC address of the incoming packet. Therefore the load balancer and the IIS servers must both be configured to accept traffic for the same IP address. However, only the load balancer should respond to ARP requests. To achieve this, a loopback adapter is added to the IIS servers. The IP address is then set to be the same as the Virtual Service and is also configured so that it does not respond to ARP requests. For specific configuration steps for Windows 2000/2003 and Windows 2008/2012, please refer to the appropriate full admin manual referenced at the start of this guide and search for 'ARP Problem' and follow the steps for your particular version of Windows. Configure IIS Bindings By default, IIS listens on all configured IP addresses as shown below: If the default configuration is left, no further IIS configuration is required. If you do change the IP address in the bindings from All Unassigned to a specific IP address, then you need to make sure that you also add a binding for the Virtual Service IP address (VIP) as shown below: In this example, is the main NIC interface for the IIS server and is the Virtual Service's IP address (assigned to the loopback Interface). This ensures that IIS responds to both the RIP and the VIP. 19
20 DR Mode Key Points You must solve the 'ARP Problem' on all IIS servers in the cluster (please refer to the administration manual) Virtual Servers/Services & Real Servers (i.e. the IIS servers) must be within the same switch fabric. They can be on different subnets but this cannot be across a router this is due to the way DR mode works, i.e. by changing MAC addresses to match the destination server Port translation is not possible, e.g. VIP:80 IIS:82 is not allowed. The port used for the VIP & RIP must be the same IIS bindings must include the Virtual Server/Service IP (VIP) address this is the default for IIS when 'All Unassigned' is selected 20
21 Implementing IIS using Layer 4 NAT Mode Overview Configure the Network Interfaces Two interfaces must be used located on different subnets. This can either be two physical interfaces such as eth0 and eth1, or one physical interface such as eth0 and an additional alias/secondary interface Configure the Virtual Server/Service (VIP) All IIS servers are accessed via this IP address Configure the Real Servers (RIPs) Define the servers that make up the IIS cluster Configure the IIS Servers In NAT mode, the IIS servers default gateway must be configured to be an IP address on the load balancer Load Balancer Configuration Configure the Network Interfaces v7.x Set the first IP address using one of the methods listed on pages 11 & 12 of this guide Using the WUI, define an additional IP address in a different subnet either by using 2 separate interfaces or a single interface with an additional alias (secondary) address as shown below: Using Separate Interfaces 21
22 Using a Single Interfaces with an alias/secondary IP v6.x Set the first IP address using one of the methods listed on pages 11 & 12 of this guide Using the WUI, define an additional IP address in a different subnet either by using 2 separate interfaces or a single interface with an additional alias (secondary) address as shown below: Using Separate Interfaces N.B. Normally eth0 is used for the internal subnet and eth1 is used for the external subnet although this is not mandatory. Using a Single Interfaces with an Alias Expand Aliases, click [add new Alias] and enter the second IP address and netmask as shown in the example below: 22
23 Configure the Virtual Server / Service (VIP) v7.x NOTE: Prior to v7.5 a VIP is known as a 'Virtual Server', from v7.5 onwards it's known as a 'Virtual Service'. For simplicity the example configuration steps below refer to 'Virtual Service' in all cases. v7.5 & later Go to Cluster Configuration > Layer 4 Virtual Services and click [Add a New Virtual Service] v7.3.2 v7.4.3 Go to Edit Configuration > Layer 4 Virtual Server and click [Add a New Virtual Server] Enter the following details: Enter an appropriate name (Label) for the VIP, e.g. IIS-Cluster Set the Virtual Service IP address field to the required IP address, e.g Set the Virtual Service Ports field to 80 Ensure that Forwarding Method is set to NAT If required, change Persistent to Yes Click Update Now click [Modify] next to the newly created Virtual Service Set Balance Mode (the load balancing algorithm) mode according to your needs Click Update 23
24 v6.x Go to Edit Configuration > Virtual Services and click [Add a new Virtual Server] Enter an appropriate name (Label) for the Virtual Server, e.g. IIS-Cluster Enter the following details: Change the Virtual Server (ipaddress:port) field to <the required IP>:80, e.g :80 If required, change Persistent to Yes Click Update Now click [Modify] next to the newly created Virtual Server Set Scheduler (the load balancing algorithm) according to your needs Ensure that Forwarding Method is set to NAT Click Update 24
25 Configure the Real Servers (RIPs) v7.x v7.5 & later Go to Cluster Configuration > Layer 4 Real Servers and click [Add a New Real Server] next to the newly created Virtual Service v7.3.2 v7.4.3 Go to Edit Configuration > Layer 4 Real Servers and click [Add a new Real Server] next to the newly created Virtual Server Enter the following details: Enter an appropriate name (Label) for the first IIS server, e.g. IIS-1 Change the Real Server IP Address field to the required IP address (e.g ) Set the Real Server Port field to 80 Click Update Repeat the above steps for your other IIS server(s) The Configured Real Servers: 25
26 v6.x Go to Edit Configuration > Real Servers and click [Add a new Real Server] next to the newly created Virtual Server Enter the following details: Enter an appropriate name (Label) for the first IIS server, e.g. IIS-1 Change the Real Server (ipaddress:port) field to <the required IP>:80, e.g :80 Ensure that Forwarding Method is set to NAT Click Update Repeat the above steps for your other IIS server(s) The Configured Real Servers: 26
27 IIS Server Configuration Default Gateway The default gateway on each IIS server must be configured to be an IP address on the load balancer. It's possible to use the internal IP address on eth0 for the default gateway, although it's recommended that an additional floating IP is created for this purpose. This is required if two load balancers (our recommended configuration) are used. In this scenario if the master unit fails, the floating IP will be brought up on the slave and failover will be seamless. To create a floating IP address on the load balancer: v6.x & v7.x Go to Edit Configuration > Floating IP(s) Enter the required IP address to be used for the default gateway and click Update. Once added, there will be two floating IP's, one for the Virtual Service ( ) and one for the default gateway (e.g ) as shown below: NAT Mode Key Points Virtual Servers/Services & Real Servers (i.e. the IIS servers) must be on different subnets The default gateway on the IIS servers should be an IP address on the load balancer Port translation is possible, e.g. VIP:80 RIP:8080 is allowed 27
28 Implementing IIS using Layer 7 SNAT (HAProxy) Mode Overview Configure the Network Interface(s) HAProxy can be deployed in single-arm or two-arm mode. As with layer 4 NAT mode, with a two-arm Layer 7 configuration, this can be either two physical interfaces such as eth0 and eth1, or one physical interface such as eth0 and an alias/secondary interface such as eth0:0 Configure the Virtual Service (VIP) All IIS servers are accessed via this IP address Configure the Real Servers (RIPs) Define the IIS servers that make up the IIS cluster Configure the IIS Servers No Real Server changes are required Load Balancer Configuration (single-arm example) Configure the Network Interface One interface is required. Pages 11 & 12 of this guide covers the various methods available to configure network settings for both v6.x and v7.x. Configure the Virtual Server / Service (VIP) v7.x NOTE: Prior to v7.5 a VIP is known as a 'Virtual Server', from v7.5 onwards it's known as a 'Virtual Service'. For simplicity the example configuration steps below refer to 'Virtual Service' in all cases. v7.5 & later Go to Cluster Configuration > Layer 7 Virtual Services and click [Add a New Virtual Service] v7.3.2 v7.4.3 Go to Edit Configuration > Layer 7 Virtual Server and click [Add a New Virtual Server] Enter the following details: 28
29 Enter an appropriate name (Label) for the Virtual Service, e.g. IIS-Cluster Set the Virtual Service IP address field to the required IP address, e.g Set the Virtual Service Ports field to 80 Change Persistence mode according to your needs Click Update Now click [Modify] next to the newly created Virtual Service Set Balance mode (the load balancing algorithm) mode according to your needs Click Update v6.x Go to Edit Configuration > Virtual Server (HAProxy) and click [Add a new Virtual Server] Enter an appropriate name (Label) for the Virtual Server, e.g. IIS-Cluster Enter the following details: Change the Virtual Server (ipaddress:port) field to <the required IP>:80, e.g :80 Change Persistence mode according to your needs Click Update Now click [Modify] next to the newly created Virtual Server Set Balance mode (the load balancing algorithm) mode according to your needs Click Update 29
30 Configure the Real Servers (RIPs) v7.x v7.5 & later Go to Cluster Configuration > Layer 7 Real Servers and click [Add a New Real Server] next to the newly created Virtual Service v7.3.2 v7.4.3 Go to Edit Configuration > Layer 7 Real Servers and click [Add a new Real Server] next to the newly created Virtual Server Enter the following details: Enter an appropriate name (Label) for the first IIS server, e.g. IIS-1 Change the Real Server IP Address field to the required IP address (e.g ) Set the Real Server Port field to 80 Click Update Repeat the above steps for your other IIS server(s) The Configured Real Servers: 30
31 v6.x Go to Edit Configuration > Real Servers (HAProxy) and click [Add a new Real Server] next to the newly created Virtual Server Enter the following details: Enter an appropriate name (Label) for the first IIS server, e.g. IIS-1 Change the Real Server (ipaddress:port) field to <the required IP>:80, e.g :80 Click Update Repeat the above steps for your other IIS server(s) The Configured Real Servers: 31
32 IIS Server Configuration In SNAT (HAProxy) mode, no IIS server configuration changes are required. HAProxy Key Points Virtual Servers/Services & Real Servers (the IIS servers) can be on the same or different subnets Port translation is possible, e.g. VIP:80 RIP:8080 is allowed No configuration changes are required to the IIS servers Not as fast as Layer 4 DR mode or NAT mode 32
33 Additional Configuration Options & Settings SSL Certificates 1 Installed on the IIS Servers When certificates are installed on the IIS servers: It's not possible to use HTTP cookie persistence since packets are encrypted and therefore the cookie cannot be read. If persistence via the load balancer is required, IP persistence must be used Data is encrypted from client to server. This provides full end-to-end data encryption as shown in the diagram below: Creating a CSR (Steps shown are for Windows 2008 R2) To generate a certificate for IIS the first step is to create a Certificate Signing Request (CSR) 1. Select the IIS server in IIS Manager then double-click Server Certificates 33
34 2. In the actions section on the right hand side of the screen, select Create Certificate Request, fill in the relevant details as per the example below, then click Next 3. Leave the default settings and click Next 4. Where prompted on the following screen enter a suitable filename, e.g. c:\csr.txt and click Finish 5. Use this saved CSR with your chosen Certificate Authority to obtain your certificate 6. Once you've received your certificate from the CA, save it as a text file 34
35 7. To install the certificate on the IIS server select Complete Certificate Request in the action section of Server Certificates in IIS Manager, then specify the filename and a friendly name and click OK 8. At this point depending on your specific version of Windows, you may receive the message shown below. This is a known issue that occurs because the friendly certificate name entered in step 7 above in not being read correctly For more details please refer to Note that the certificate has been installed and can be seen in IIS Manager under Server Certificates 9. Now amend the site bindings to include HTTPS and the newly installed certificate 35
36 2 Installed on the Load balancer (aka SSL off-loading) - When certificates are installed on the load balancer: It's possible to use HTTP cookie based persistence Since SSL is terminated on the load balancer, data from the load balancer to the IIS servers is not encrypted as shown in the diagram below. This may or may not be an issue depending on the network structure between the load balancer and IIS servers and your security requirements A Pound or STunnel SSL VIP can be used to terminate SSL (N.B. STunnel in only available in v7.5 and later). The backend for this VIP can be either a Layer 4 NAT mode Virtual Service or a Layer 7 HAProxy Virtual Service. The following diagram shows this: N.B. It's not possible to use a layer 4 DR mode Virtual Service in this scenario NOTE: SSL termination on the load balancer can be very CPU intensive. In most cases, for a scalable solution, terminating SSL on the IIS servers is the best option. Exporting Certificates from Windows / Importing to the load balancer (Steps shown for Windows 2008 R2) It's often easiest to get the certificate working on the IIS server first, then export the certificate and import this to the load balancer. The steps for Windows 2008 R2 for this process are as follows: 36
37 1. Once the certificate is working correctly on your Windows server, run mmc, and add the certificates snap-in. Expand the Personal folder and click on Certificates your certificate should be here. Rightclick the certificate and select All Tasks > Export. This will start the Certificate Export Wizard as shown below: 2. Click Yes to export the private key and click Next 37
38 3. Check Include all Certificates in the certification path if possible and click Next 4. Enter a password to secure the private key and click Next 38
39 5. Enter a folder & filename for the exported certificate and click Next 6. Now click Finish to complete the wizard, the following confirmation should be shown: 7. The load balancer requires certificates in PEM format so the PFX file must be converted. Openssl can be used for this and can be downloaded for free as a Windows installer from the following location: At this URL you'll need to download and install the Visual C Redistributable, then download either the light or full version of OpenSSL. Once installed, you'll have an OpenSSL directory located on your filesystem (default location c:\openssl) 8. Once Openssl is installed, In a command window, browse to C:\openSSL\bin and run the following command (adjusted with required paths & filenames) to convert the.pfx file to a.pem file: openssl pkcs12 -in c:\cert.pfx -nodes -out c:\cert.pem (You will be prompted for the password that was used to create the.pfx file in step 4 above) 9. Now create either a Pound or STunnel (v7.5 and later) VIP on the load balancer. For the VIP you can use the same IP address as your HAProxy or NAT VIP created earlier with port 443 for HTTPS. The 39
40 IP address & port for the Backend Cluster should be set the same as your HAProxy or NAT mode VIP as detailed below: v7.x NOTE: Prior to v7.5 a VIP is known as a 'Virtual Server', from v7.5 onwards it's known as a 'Virtual Service'. For simplicity the example configuration steps below refer to 'Virtual Service' in all cases. V7.5 and later supports STunnel for SSL termination. This is the default, but Pound cal also be selected if required using the SSL Terminator radio button. v7.5 & later Go to Cluster Configuration > SSL Termination and click [Add a New Virtual Service] v7.3.2 v7.4.3 Go to Edit Configuration > SSL Termination and click [Add a New Virtual Server] Enter the following details (shows STunnel example which is the default terminator for v7.5): 40
41 Enter an appropriate name (Label) for the VIP, e.g. IIS-SSL Change the Virtual Service IP address field to the required value, e.g Change the Virtual Service Port field to the required value, e.g. 443 Change the Backend Virtual Service IP Address field to the required value, e.g Change the Backend Virtual Service Port field to the required value, e.g. 80 The remaining options can be left at their default values Click Update The Configured SSL Virtual Service: v6.x Go to Edit Configuration > SSL Termination (Pound) and click [Add a new Virtual Server] Change the Virtual Server (ipaddress:port) field to <the required IP>:443, e.g :443 Set the Backend Cluster to be the required backend, i.e. a Layer 7 or Layer 4 NAT mode VIP Enter the following details: The remaining options can be left at their default values Click Update 41
42 The Configured SSL Virtual Server: 10. Now upload the PEM format certificate to the newly created SSL VIP: v7.x v7.5 & later Go to Cluster Configuration > SSL Termination and click [Certificate] next to the relevant VIP v7.3.2 v7.4.3 Go to Edit Configuration > SSL Termination and click [Certificate] next to the relevant VIP Using the browse option, select the.pem file created in step 8 Click Upload Signed Certificate A message will be displayed confirming the upload The Certificate State field will change to Signed Certificate Installed as shown below: v6.x Go to Edit Configuration > SSL Termination (Pound) and click [Modify] next to the Pound VIP Using the Browse option, select the.pem file created in step 8 Click Upload PEM file A message will be displayed confirming the upload 11. Now restart STunnel (v7.5 & later only) or Pound: v7.x Go to: Maintenance > Restart Services and click Restart STunnel or Restart Pound v6.x Go to: Maintenance > Restart Pound-SSL Once restarted your secure website should be accessible at: IP Address> 42
43 Grouping Multiple Ports on a Single Virtual Service (VIP) In certain circumstances it may be desirable to combine multiple ports in a single Virtual Server/Service. For example, if your IIS server has both HTTP and HTTPS content, you may want clients to connect to the same IIS server for both. This is especially useful if you need persistence as clients move from HTTP to HTTPS, e.g. an e-commerce web site without a proper back end database for session state. Layer 4 Using Firewall Marks The concept is to create a firewall rule that matches incoming packets to a particular IP and port, and mark them with an arbitrary integer. A Virtual Server/Service is then configured or modified, specifying the firewall mark instead of an IP and port. v7.x Firewall Marks are configured automatically when multiple ports are defined for a Layer 4 VIP. For example, to configure an HTTP/HTTPS Virtual Service, simply specify port 80 & 443 separated by a comma in the 'Virtual Service Ports' field as shown below: N.B. Under v7.x firewall marks can also be configured manually if needed, for details on this please refer to the V7 admin guide and search for the section - 'Firewall Marks Manual Configuration' v6.x Step 1 Modify the firewall script The Maintenance > Firewall Script page in the WUI includes some examples under the "FIREWALL MARKS" section as shown below. The example firewall mark shown can be un-commented and edited to suit your requirements. This example is for VIP address and marks incoming packets to both port 80 and 443 with the same value (in this case '1'). 43
44 Step 2 Create / modify the Virtual Server Next a new Virtual Server must be created or an existing one must be modified by entering the mark value "1" in the Virtual Server (ipaddress:port) field. All the other fields can be set as usual, and IIS servers can be associated with the VIP in the normal way. With a firewall mark VIP, the load balancer forwards traffic to the selected IIS server without changing the destination port. So, incoming traffic to port 80 on the Virtual IP will be forwarded to port 80 on one of the IIS servers and likewise, incoming traffic to port 443 will be forwarded to port 443 on the same IIS server. NOTE: If a firewall mark is configured by creating a new VIP rather than modifying an existing VIP, you'll also need to manually create a floating IP that corresponds to the required VIP address. To do this, use the WUI option: Edit Configuration > Floating IP's e.g. to configure firewall mark '1' by modifying an existing Virtual Service: would be changed to: Then, any incoming packets marked with a '1' will be associated with that VIP. Also ensure that: Protocol for the VIP is set to fwm Persistent for the VIP is set to Yes 44
45 Layer 7 By Defining Multiple Ports For Layer 7 VIPs, multiple ports can be defined as shown below: v7.x Simply specify all the required ports in the Virtual Server/Service Ports field separated by commas. v6.x Simply use the Extra Ports field to specify the additional ports. 45
46 Real Server (IIS) Health Checks The load balancer performs regular health checks to ensure that each server in the cluster is healthy and able to accept client connections. The health check options depend on whether the VIP is defined at layer 4 or layer 7 as outlined below. Layer 4 At layer 4, IIS server health checking is provided by ldirectord. This allows a full range of options to check that the IIS servers are operational, and if not what steps to take. The default check-type for new VIPs is a TCP connect to the port defined for the VIP. v6.x & v7.x For full details on the options available, please refer to the V6 or V7 admin manual referenced at the start of this guide and search for the section 'Health Monitoring'. Layer 7 By default layer 7 (HAProxy) VIPs also use a connect type health check on the same port specified in the Virtual Service. v6.x & v7.x For full details on the options available, please refer to the V6 or V7 admin manual referenced at the start of this guide and search for the section 'Health Monitoring'. 46
47 Using Server Feedback Agents Layer 4 The load balancer can modify the weight (amount of traffic) of each IIS server by gathering data from either a custom agent or an HTTP server. Just set the VIPs feedback method to agent. A telnet to port 3333 on an IIS Server with the agent installed will return the current CPU idle as an integer value in the range The load balancer typically expects a 0-99 integer response from the agent which relates to the CPU idle state, i.e. a response of 92 would imply that the IIS servers CPU is 92% idle. The load balancer will then use the formula (92/10*requested_weight) to find the new optimized weight. Using this method an idle IIS server will get 10 times as many new connections as an overloaded server. The feedback agent can be downloaded from: To install the Agent run LBCPUMonInstallation.msi click Next 47
48 select the installation folder and click Next click Next to start the installation N.B..NET Framework v3.5 is required by the agent and.net Framework v4.0 is required by the Monitor 48
49 Starting the Agent Once the installation has completed, you'll need to start the service on the IIS servers. The service is controlled by the Feedback Agent Monitor program that is also installed along with the Agent. The monitor can be accessed on the Windows server using: All Programs > Loadbalancer.org > Monitor. To start the service, click Start To stop the service, click Stop It's also possible to start the service using the services snap-in the service is called 'Loadbalancer CPU monitor'. N.B. The agent should be installed on all IIS servers in the cluster To Configure the Virtual Service to use the Agent v7.x NOTE: Prior to v7.5 a VIP is known as a 'Virtual Server', from v7.5 onwards it's known as a 'Virtual Service'. For simplicity the example configuration steps below refer to 'Virtual Service' in all cases. v7.5 & later Go to Cluster Configuration > Layer 4 Virtual Services v7.3.2 v7.4.3 Go to Edit Configuration > Layer 4 Virtual Services Click [Modify] next to the Virtual Service Change the Feedback Method to agent Click Update 49
50 v6.x Go to Edit Configuration > Virtual Services Click [Modify] next to the Virtual Service Change the Feedback Method to agent Click Update System Overview Monitoring Server Weights Prior to installing & activating the agent the System Overview would look similar to the following. Server weights are shown at the default of value of 1. Once the agents are installed on the IIS Servers and the feedback method is changed, the weights are updated: N.B. If the servers weights were set to 10 before the agent was installed, they would show an initial weight of 100 ((100/10)*10) under no load once the agent is installed. If one of the IIS servers is heavily loaded, the weight is adjusted accordingly a lower weight causes less sessions for that server. Here, CPU utilization on rip2 is high so the weight has been automatically reduced to 1: 50
51 Load Balancer Transparency Layer 4 DR & NAT Mode By default both Layer 4 modes are transparent. This means that IIS will log the actual IP address of the client rather than the IP address of the load balancer. Layer 7 TProxy When using HAProxy, the load balancer is not transparent by default. This means that the IP address of the load balancer will be captured and stored in the IIS logs. To get around this, TProxy can be enabled. TProxy enables the IIS servers behind a layer 7 HAProxy configuration to see the client source IP address. For this to work, the load balancer must be in a NAT configuration (i.e. both internal and external subnets) and the IIS servers must be configured to use the load balancer as their default gateway. To Enable TProxy: v7.x v7.5 & later Go to Cluster Configuration > Layer 7 Advanced Configuration v7.3.2 v7.4.3 Go to Edit Configuration > Layer 7 Advanced Configuration Change Transparent Proxy to On Click Update v6.x Go to Edit Configuration > Global Settings In the Layer 7 (HAProxy) subsection, change Transparent Proxy to On Click Update N.B. For more details on TProxy, please search for 'Using TProxy' in the v7.x administration manual available at the following link: Layer 7 X-Forwarded-For Headers Since the load balancer must be in a NAT configuration (i.e. the Virtual Server/Service and the IIS servers in different subnets) to utilize TProxy, it's not always an appropriate solution. In situations such as this, it's possible to use the X-Forwarded-For header that is included by default in all layer 7 VIPs. To enable IIS to support XFF headers, it does depend on the version on Windows being used. For IIS7 and later, IIS Advanced Logging can be installed and used. For IIS6, a 3 rd party application must be installed. Several options are available some free and some that must be paid for. One free solution that works very well is F5's X-Forwarded-For ISAPI Filter. Both options are covered in the following blog: 51
52 Testing & Validation Monitoring Layer 4 For Layer 4 Virtual Services, the following monitoring options are useful: System Overview (shows the total active and inactive connections for each VIP) v6.x View Configuration > System Overview v7.x System Overview Status (shows similar details to system overview) v6.x Reports > Status v7.x Reports > Layer 4 Status Current Connections (shows a detailed breakdown of all current connections) v6.x Reports > Current Connections v7.x Reports > Layer 4 Current Connections Graphs (shows various graphical reports for each VIP & RIP) v6.x Reports > Graphical Stats over time v7.x Reports > Graphing Logs are also available to help when diagnosing issues. Use the Logs menu option to view these. 52
53 Layer 7 For Layer 7 Virtual Services, the following monitoring options are useful: System Overview (shows the total connections for each VIP) v6.x View Configuration > System Overview v7.x System Overview Status (HAProxy) (displays a detailed real-time statistics page for all Layer 7 VIPS - requires a username & password use the default credentials) v6.x Reports > Status (HAProxy) v7.x Reports > Layer 7 Status Graphs (shows various graphical reports for each VIP & RIP) v6.x Reports > Graphical Stats over time v7.x Reports > Graphing Logs are also available to help when diagnosing issues. Use the Logs menu option to view these. Technical Support For more details or assistance with your deployment please don't hesitate to contact the support team: support@loadbalancer.org Conclusion Loadbalancer.org appliances provide a very cost effective and flexible solution for highly available load balanced Microsoft IIS environments. 53
Load Balancing Microsoft IIS. Deployment Guide
Load Balancing Microsoft IIS Deployment Guide rev. 1.4.2 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft IIS Software Versions Supported...
More informationLoad Balancing Microsoft Terminal Services. Deployment Guide
Load Balancing Microsoft Terminal Services Deployment Guide rev. 1.5.7 Copyright 2002 2016 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Loadbalancer.org Appliances Supported... 4 Loadbalancer.org
More informationSmoothwall Web Filter Deployment Guide
Smoothwall Web Filter Deployment Guide v1.0.7 Copyright 2013 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org Software Versions
More informationLoad Balancing Bloxx Web Filter. Deployment Guide
Load Balancing Bloxx Web Filter Deployment Guide rev. 1.1.8 Copyright 2002 2016 Loadbalancer.org, Inc. 1 Table of Contents About this Guide...4 Loadbalancer.org Appliances Supported...4 Loadbalancer.org
More informationLoad Balancing Barracuda Web Filter. Deployment Guide
Load Balancing Barracuda Web Filter Deployment Guide rev. 1.1.4 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org
More informationLoad Balancing McAfee Web Gateway. Deployment Guide
Load Balancing McAfee Web Gateway Deployment Guide rev. 1.1.4 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org
More informationLoad Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways. Deployment Guide
Load Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways Deployment Guide rev. 1.4.9 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Appliances
More informationLoad Balancing Sophos Web Gateway. Deployment Guide
Load Balancing Sophos Web Gateway Deployment Guide rev. 1.0.9 Copyright 2002 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide...3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org
More informationLoad Balancing Clearswift Secure Web Gateway
Load Balancing Clearswift Secure Web Gateway Deployment Guide rev. 1.1.8 Copyright 2002 2016 Loadbalancer.org, Inc. 1 Table of Contents About this Guide...3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org
More informationLoad Balancing Trend Micro InterScan Web Gateway
Load Balancing Trend Micro InterScan Web Gateway Deployment Guide rev. 1.1.7 Copyright 2002 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Loadbalancer.org Appliances Supported...
More informationLoad Balancing Microsoft Remote Desktop Services. Deployment Guide
Load Balancing Microsoft Remote Desktop Services Deployment Guide rev. 1.0.5 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft Windows
More informationMcAfee Web Filter Deployment Guide
McAfee Web Filter Deployment Guide v1.0.7 Copyright 2013 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org Software Versions Supported...3
More informationLoad Balancing VMware Horizon View. Deployment Guide
Load Balancing VMware Horizon View Deployment Guide v1.1.0 Copyright 2014 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 VMware Horizon View Versions Supported...4
More informationAppliance Quick Start Guide. v7.6
Appliance Quick Start Guide v7.6 rev. 1.0.7 Copyright 2002 2015 Loadbalancer.org, Inc. Table of Contents Loadbalancer.org Terminology... 4 What is a Virtual IP Address?... 5 What is a Floating IP Address?...
More informationLoad Balancing RSA Authentication Manager. Deployment Guide
Load Balancing RSA Authentication Manager Deployment Guide rev. 1.1.6 Copyright 2002 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide...3 Appliances Supported...3 RSA Authentication Manager
More informationLoad Balancing VMware Horizon View. Deployment Guide
Load Balancing VMware Horizon View Deployment Guide rev. 1.2.6 Copyright 2002 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide...4 Loadbalancer.org Appliances Supported...4 Loadbalancer.org
More informationLoad Balancing Microsoft Exchange 2016. Deployment Guide
Load Balancing Microsoft Exchange 2016 Deployment Guide rev. 1.0.1 Copyright 2002 2016 Loadbalancer.org, Inc. Table of Contents About this Guide... 4 Loadbalancer.org Appliances Supported... 4 Loadbalancer.org
More informationLoad Balancing Smoothwall Secure Web Gateway
Load Balancing Smoothwall Secure Web Gateway Deployment Guide rev. 1.1.7 Copyright 2002 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide...3 Loadbalancer.org Appliances Supported...3 Loadbalancer.org
More informationLoad Balancing Microsoft Sharepoint 2010 Load Balancing Microsoft Sharepoint 2013. Deployment Guide
Load Balancing Microsoft Sharepoint 2010 Load Balancing Microsoft Sharepoint 2013 Deployment Guide rev. 1.4.2 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 3 Appliances
More informationAppliance Quick Start Guide v8.1
Appliance Quick Start Guide v8.1 rev. 1.0.0 Copyright 2002 2016 Loadbalancer.org, Inc Table of Contents About this Guide... 5 About the Appliance... 5 Appliance Configuration Overview... 5 Appliance Security...
More informationMicrosoft Lync 2010 Deployment Guide
Microsoft Lync 2010 Deployment Guide v1.3.7 Copyright 2013 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft Lync 2010 Software Versions Supported...4
More informationClusterLoad ESX Virtual Appliance quick start guide v6.3
ClusterLoad ESX Virtual Appliance quick start guide v6.3 ClusterLoad terminology...2 What are your objectives?...3 What is the difference between a one-arm and a two-arm configuration?...3 What are the
More informationAppliance Quick Start Guide v6.21
Appliance Quick Start Guide v6.21 Copyright 2014 Loadbalancer.org, Inc. Table of Contents Loadbalancer.org terminology... 4 What is a virtual IP address?... 4 What is a floating IP address?... 4 What
More informationAppliance Administration Manual. v7.2
Appliance Administration Manual v7.2 This document covers all required administration information for Loadbalancer.org appliances Copyright 2002-2011 Loadbalancer.org, Inc. 1 Table of Contents Section
More informationAppliance Quick Start Guide. v7.6
Appliance Quick Start Guide v7.6 rev. 1.0.7 Copyright 2002 2015 Loadbalancer.org, Inc. Table of Contents Loadbalancer.org Terminology... 4 What is a Virtual IP Address?... 5 What is a Floating IP Address?...
More informationLoad Balancing Microsoft AD FS. Deployment Guide
Load Balancing Microsoft AD FS Deployment Guide rev. 1.1.1 Copyright 2002 2015 Loadbalancer.org, Inc. Table of Contents About this Guide...4 Loadbalancer.org Appliances Supported...4 Loadbalancer.org Software
More informationAppliance Administration Manual. v6.21
Appliance Administration Manual v6.21 This document covers all required administration information for Loadbalancer.org appliances Copyright 2014 Loadbalancer.org, Inc. Table of Contents Section A Introduction...7
More informationLoad Balancing Microsoft Lync 2010 Load Balancing Microsoft Lync 2013. Deployment Guide
Load Balancing Microsoft Lync 2010 Load Balancing Microsoft Lync 2013 Deployment Guide rev. 1.6.1 Copyright 2002 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide...4 Loadbalancer.org Appliances
More informationAppliance Quick Start Guide v6.21
Appliance Quick Start Guide v6.21 Copyright 2014 Loadbalancer.org, Inc. Table of Contents Loadbalancer.org terminology... 4 What is a virtual IP address?... 4 What is a floating IP address?... 4 What are
More informationLoad Balancing Microsoft 2012 DirectAccess. Deployment Guide
Load Balancing Microsoft 2012 DirectAccess Deployment Guide rev. 1.0.5 Copyright 2002 2015 Loadbalancer.org, Inc. Table of Contents About this Guide...4 Appliances Supported...4 Microsoft Windows Versions
More informationLoad Balancing Microsoft Exchange 2013. Deployment Guide
Load Balancing Microsoft Exchange 2013 Deployment Guide rev. 1.1.5 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft Exchange Software
More informationLoadbalancer.org. Loadbalancer.org appliance quick setup guide. v6.6
Loadbalancer.org Loadbalancer.org appliance quick setup guide v6.6 1 Confidentiality Statement All information contained in this proposal is provided in confidence for the sole purpose of adjudication
More informationAppliance Administration Manual. v7.5
Appliance Administration Manual v7.5 rev. 1.0.24 This document covers all required administration information for Loadbalancer.org appliances Copyright 2002 2014 Loadbalancer.org, Inc. Table of Contents
More informationLoad Balancing Microsoft Lync 2010. Deployment Guide
Load Balancing Microsoft Lync 2010 Deployment Guide rev. 1.5.4 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft Lync 2010 Software Versions
More informationLoad Balancing Oracle Application Server (Oracle HTTP Server) Quick Reference Guide
Load Balancing Oracle Application Server (Oracle HTTP Server) Quick Reference Guide v1.1.0 Oracle HTTP Server Ports By default Oracle HTTP Server listens on HTTP port 7777 and HTTPS is disabled. When HTTPS
More informationLoadbalancer.org Appliance Setup v5.9
Loadbalancer.org Appliance Setup v5.9 This document covers the basic steps required to setup the Loadbalancer.org appliances. Please pay careful attention to the section on the ARP problem for your real
More informationAppliance Administration Manual. v7.6
Appliance Administration Manual v7.6 rev. 1.2.1 This document covers all required administration information for Loadbalancer.org appliances Copyright 2002 2015 Loadbalancer.org, Inc. Table of Contents
More informationAvailability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013
the Availability Digest Redundant Load Balancing for High Availability July 2013 A large data center can comprise hundreds or thousands of servers. These servers must not only be interconnected, but they
More informationLoad Balancing Medical Imaging & Information System Protocols. Deployment Guide
Load Balancing Medical Imaging & Information System Protocols Deployment Guide rev. 1.0.2 Copyright 2002 2016 Loadbalancer.org, Inc. Table of Contents About this Guide...3 Loadbalancer.org Appliances Supported...3
More informationLoad Balancing Microsoft Exchange 2010. Deployment Guide
Load Balancing Microsoft Exchange 2010 Deployment Guide rev. 1.7.9 Copyright 2002 2015 Loadbalancer.org, Inc. Table of Contents About this Guide...4 Loadbalancer.org Appliances Supported...4 Loadbalancer.org
More informationEnterprise AWS Quick Start Guide. v8.0.1
Enterprise AWS Quick Start Guide v8.0.1 rev. 1.1.4 Copyright 2002 2016 Loadbalancer.org, Inc Table of Contents Introduction... 4 About Enterprise AWS... 4 Main Differences to the Non-Cloud Product... 4
More informationAppliance Administration Manual v8.0
Appliance Administration Manual v8.0 rev. 1.1.0 Copyright 2002 2015 Loadbalancer.org, Inc Table of Contents Chapter 1 Introduction...9 About this Manual... 10 About the Appliance... 10 Version 8... 10
More informationDeployment Guide Microsoft IIS 7.0
Deployment Guide Microsoft IIS 7.0 DG_IIS_022012.1 TABLE OF CONTENTS 1 Introduction... 4 2 Deployment Guide Overview... 4 3 Deployment Guide Prerequisites... 4 4 Accessing the AX Series Load Balancer...
More informationLoad balancing Microsoft IAG
Load balancing Microsoft IAG Using ZXTM with Microsoft IAG (Intelligent Application Gateway) Server Zeus Technology Limited Zeus Technology UK: +44 (0)1223 525000 The Jeffreys Building 1955 Landings Drive
More informationLoad Balancing SIP Quick Reference Guide v1.3.1
Load Balancing SIP Quick Reference Guide v1.3.1 About this Guide This guide provides a quick reference for setting up SIP load balancing using Loadbalancer.org appliances. SIP Ports Port Protocol 5060
More informationMicrosoft Lync Server 2010
Microsoft Lync Server 2010 Scale to a Load Balanced Enterprise Edition Pool with WebMux Walkthrough Published: March. 2012 For the most up to date version of the Scale to a Load Balanced Enterprise Edition
More informationLoadMaster SSL Certificate Quickstart Guide
LoadMaster SSL Certificate Quickstart Guide for the LM-1500, LM-2460, LM-2860, LM-3620, SM-1020 This guide serves as a complement to the LoadMaster documentation, and is not a replacement for the full
More informationDeploying the Barracuda Load Balancer with Office Communications Server 2007 R2. Office Communications Server Overview.
Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2 Organizations can use the Barracuda Load Balancer to enhance the scalability and availability of their Microsoft Office Communications
More informationBarracuda Load Balancer Administrator s Guide
Barracuda Load Balancer Administrator s Guide Version 3.x Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2010, Barracuda Networks
More informationInstalling and Configuring vcloud Connector
Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationSpecial Edition for Loadbalancer.org GmbH
IT-ADMINISTRATOR.COM 09/2013 The magazine for professional system and network administration Special Edition for Loadbalancer.org GmbH Under Test Loadbalancer.org Enterprise VA 7.5 Load Balancing Under
More informationDeployment Guide AX Series with Citrix XenApp 6.5
Deployment Guide AX Series with Citrix XenApp 6.5 DG_XenApp_052012.1 TABLE OF CONTENTS 1 Introduction... 4 1 Deployment Guide Overview... 4 2 Deployment Guide Prerequisites... 4 3 Accessing the AX Series
More informationMicrosoft Lync Server Overview
Organizations can use the to enhance the scalability and availability of their Microsoft Lync Server 2010 deployments (formerly known as Microsoft Office Communications Server). Barracuda Networks has
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More informationAppliance Administration v6.1
CLUSTERSCALE - CLUSTERLOAD Appliance Administration v6.1 This document covers all the required administration information for the ClusterLoad appliances. Please pay careful attention to the section on
More informationDeploying F5 with Microsoft Active Directory Federation Services
F5 Deployment Guide Deploying F5 with Microsoft Active Directory Federation Services This F5 deployment guide provides detailed information on how to deploy Microsoft Active Directory Federation Services
More informationIntroduction to Mobile Access Gateway Installation
Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure
More informationBest Practices: Pass-Through w/bypass (Bridge Mode)
Best Practices: Pass-Through w/bypass (Bridge Mode) EdgeXOS Deployment Scenario: Bridge Pass-Through This document is designed to provide an example as to how the EdgeXOS appliance is configured based
More informationDeployment Guide Oracle Siebel CRM
Deployment Guide Oracle Siebel CRM DG_ OrSCRM_032013.1 TABLE OF CONTENTS 1 Introduction...4 2 Deployment Topology...4 2.1 Deployment Prerequisites...6 2.2 Siebel CRM Server Roles...7 3 Accessing the AX
More informationUnifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway
Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...
More informationNEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis
More informationLoad Balancing. Outlook Web Access. Web Mail Using Equalizer
Load Balancing Outlook Web Access Web Mail Using Equalizer Copyright 2009 Coyote Point Systems, Inc. Printed in the USA. Publication Date: January 2009 Equalizer is a trademark of Coyote Point Systems
More informationDeployment Guide AX Series with Active Directory Federation Services 2.0 and Office 365
Deployment Guide AX Series with Active Directory Federation Services 2.0 and Office 365 DG_ADFS20_120907.1 TABLE OF CONTENTS 1 Overview... 4 2 Deployment Guide Overview... 4 3 Deployment Guide Prerequisites...
More informationDeployment Guide July-2015 rev. A. Deploying Array Networks APV Series Application Delivery Controllers with VMware Horizon View
Deployment Guide July-2015 rev. A Deploying Array Networks APV Series Application Delivery Controllers with VMware Horizon View 1 Introduction... 2 1.1 VMware Horizon View... 2 1.2 Array Networks APV Series
More informationSuperLumin Nemesis. Administration Guide. February 2011
SuperLumin Nemesis Administration Guide February 2011 SuperLumin Nemesis Legal Notices Information contained in this document is believed to be accurate and reliable. However, SuperLumin assumes no responsibility
More informationDeploying F5 with Microsoft Remote Desktop Session Host Servers
Deploying F5 with Servers Welcome to the F5 deployment guide for Microsoft Remote Desktop Services included in Windows Server 2012 and Windows Server 2008 R2. This document provides guidance on configuring
More informationLoadbalancer.org Appliance Setup v4.1.5
Loadbalancer.org Appliance Setup v4.1.5 This document covers the basic steps required to setup the Loadbalancer.org appliances. Please pay careful attention to the section on the ARP problem for your real
More informationJeff Schertz MVP, MCITP, MCTS, MCP, MCSE
Jeff Schertz MVP, MCITP, MCTS, MCP, MCSE A comprehensive excerpt from Jeff Schertz s Lync Server MVP Blog Lync Web Services Load Balancing with KEMP VLM This article addresses a standard DNS Load Balanced
More informationZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy
ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to
More informationGuide to the LBaaS plugin ver. 1.0.2 for Fuel
Guide to the LBaaS plugin ver. 1.0.2 for Fuel Load Balancing plugin for Fuel LBaaS (Load Balancing as a Service) is currently an advanced service of Neutron that provides load balancing for Neutron multi
More informationConfiguring Load Balancing
When you use Cisco VXC Manager to manage thin client devices in a very large enterprise environment, a single Cisco VXC Manager Management Server cannot scale up to manage the large number of devices.
More informationBarracuda Load Balancer Administrator s Guide
Barracuda Load Balancer Administrator s Guide Version 3.3 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2010, Barracuda Networks
More informationDEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5
DEPLOYMENT GUIDE Version 1.1 Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Citrix Presentation Server Prerequisites
More informationApp Orchestration 2.5
Configuring NetScaler 10.5 Load Balancing with StoreFront 2.5.2 and NetScaler Gateway for Prepared by: James Richards Last Updated: August 20, 2014 Contents Introduction... 3 Configure the NetScaler load
More informationDEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5
DEPLOYMENT GUIDE Version 1.2 Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Microsoft IIS Prerequisites and configuration
More informationDEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with Microsoft Windows Server 2008 R2 Remote Desktop Services
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP LTM with Microsoft Windows Server 2008 R2 Remote Desktop Services Deploying the BIG-IP LTM with Microsoft Windows Server 2008 R2 Remote Desktop Services
More informationBarracuda Link Balancer Administrator s Guide
Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks
More informationPenetration Testing LAB Setup Guide
Penetration Testing LAB Setup Guide (External Attacker - Intermediate) By: magikh0e - magikh0e@ihtb.org Last Edit: July 06 2012 This guide assumes a few things... 1. You have read the basic guide of this
More informationWeb Application Firewall
Web Application Firewall Getting Started Guide August 3, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
More informationConfiguring the BIG-IP and Check Point VPN-1 /FireWall-1
Configuring the BIG-IP and Check Point VPN-1 /FireWall-1 Introducing the BIG-IP and Check Point VPN-1/FireWall-1 LB, HALB, VPN, and ELA configurations Configuring the BIG-IP and Check Point FireWall-1
More informationDeploying the BIG-IP LTM v10 with Microsoft Lync Server 2010 and 2013
Deployment Guide Document version:.6 What's inside: Prerequisites and configuration notes 4 Configuration Flow 5 Configuring the BIG-IP system for Lync Server 00 and 0 8 Creating the irules Appendix A:
More information1:1 NAT in ZeroShell. Requirements. Overview. Network Setup
1:1 NAT in ZeroShell Requirements The version of ZeroShell used for writing this document is Release 1.0.beta11. This document does not describe installing ZeroShell, it is assumed that the user already
More informationCoyote Point Systems White Paper
Five Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance. Coyote Point Systems White Paper Load Balancing Guide for Application Server Administrators
More informationDeploying F5 with Microsoft Remote Desktop Session Host Servers
Deployment Guide Deploying F5 with Microsoft Remote Desktop Session Host Servers Important: The fully supported version of this iapp has been released, so this guide has been archived. See http://www.f5.com/pdf/deployment-guides/microsoft-rds-session-host-dg.pdf
More informationMicrosoft Office Communications Server 2007 R2
Microsoft Office Communications Server 2007 R2 Scale to a Load Balanced Enterprise Edition Pool with WebMux Walkthrough Published: Sept. 2009 For the most up-to-date version of the Scale to a Load Balanced
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationDEPLOYMENT GUIDE. Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services
DEPLOYMENT GUIDE Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services Deploying the BIG-IP LTM system and Microsoft Windows Server 2008 Terminal Services Welcome to the BIG-IP
More informationDeployment Guide MobileIron Sentry
Deployment Guide MobileIron Sentry DG_MIS_052013.1 TABLE OF CONTENTS 1 Introduction... 3 2 Deployment Guide Overview... 3 3 Deployment Guide Prerequisites... 3 4 Accessing the AX Series Load Balancer...
More informationNSi Mobile Installation Guide. Version 6.2
NSi Mobile Installation Guide Version 6.2 Revision History Version Date 1.0 October 2, 2012 2.0 September 18, 2013 2 CONTENTS TABLE OF CONTENTS PREFACE... 5 Purpose of this Document... 5 Version Compatibility...
More informationSetting Up SSL on IIS6 for MEGA Advisor
Setting Up SSL on IIS6 for MEGA Advisor Revised: July 5, 2012 Created: February 1, 2008 Author: Melinda BODROGI CONTENTS Contents... 2 Principle... 3 Requirements... 4 Install the certification authority
More informationHow To Configure SSL VPN in Cyberoam
How To Configure SSL VPN in Cyberoam Applicable Version: 10.00 onwards Overview SSL (Secure Socket Layer) VPN provides simple-to-use, secure access for remote users to the corporate network from anywhere,
More informationApp Orchestration 2.0
App Orchestration 2.0 Configuring NetScaler Load Balancing and NetScaler Gateway for App Orchestration Prepared by: Christian Paez Version: 1.0 Last Updated: December 13, 2013 2013 Citrix Systems, Inc.
More informationTrend Micro Email Encryption Gateway 5
Trend Micro Email Encryption Gateway 5 Secured by Private Post Quick Installation Guide m Messaging Security Trend Micro Incorporated reserves the right to make changes to this document and to the products
More informationZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy
ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to
More informationSonicWALL SRA Virtual Appliance Getting Started Guide
COMPREHENSIVE INTERNET SECURITY SonicWALL Secure Remote Access Appliances SonicWALL SRA Virtual Appliance Getting Started Guide SonicWALL SRA Virtual Appliance5.0 Getting Started Guide This Getting Started
More informationDEPLOYMENT GUIDE Version 2.1. Deploying F5 with Microsoft SharePoint 2010
DEPLOYMENT GUIDE Version 2.1 Deploying F5 with Microsoft SharePoint 2010 Table of Contents Table of Contents Introducing the F5 Deployment Guide for Microsoft SharePoint 2010 Prerequisites and configuration
More informationGlobalSCAPE DMZ Gateway, v1. User Guide
GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical
More informationOverview of WebMux Load Balancer and Live Communications Server 2005
AVANU Load Balancing for Microsoft Office Live Communications Server 2005 WebMux Delivers Improved Reliability, Availability and Scalability Overview of WebMux Load Balancer and Live Communications Server
More informationALOHA Load Balancer Quickstart guide
ALOHA Load Balancer Quickstart guide Summary 1 Package contents... 3 2 Preparing your Aloha... 4 3 Cabling... 5 3.1 Howto... 5 3.2 ALBBOX Overview... 6 3.3 ALB2K Overview... 7 3.4 ALB4K, ALB8K and ALB16K
More informationUIP1868P User Interface Guide
UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting
More information