NTT Communications Cloudⁿ Load Balancing Advanced Operation Manual Ver.1.0 Please refrain from any secondary distribution (distributing, copying, or providing this booklet or any similar acts) of the content of the booklet. 1
Version Date of Update Revision Ver.1.0 September 26, 2013 First edition created 2
Contents 1 Introduction P4-1) Outlook of the Service 2) What Should Be Prepared in Advance 3) Starting to Use the LBA Service 2 Preparing the Use of the LBA Service P7 1) Starting Up the LBA Console 3 Using the LBA Service P8-1) Creating a New LBA (Basic Config) 2) Registering a Virtual Server under an LBA 3) Modifying an LBA (Detailed Setting) 4) Deleting an LBA 5) Registering an SSL Certificate 4 Precautions P23 1) Precautions for Creating an LBA 3
1-1) Outlook of the Service This manual describes the method of using Cloud n Load Balancing Advanced (LBA). Cloud n Load Balancing Advanced (LBA) is a load distribution service that automatically distributes application traffic to two or more Cloud n Compute virtual servers and is equivalent to Elastic Load Balancing (ELB) of AWS. By using Cloud n Load Balancing Advanced, a great amount of traffic coming over the Internet can be efficiently processed with two or more Cloud n Compute virtual servers in use, and it is possible to construct a scalable system that is not restricted by the performance of a single virtual server. Some major functions available are as described below. Red letters indicate the functions newly added from version 2. Distribution of Application Traffic When a load balancer is created, a special virtual server, called load balancer instance (LBI), is created in the zone specified at the time of creation, and the application traffic (HTTP and HTTP) arriving the virtual server is distributed to the Cloud n Compute virtual servers having been registered in advance. The number of LBI's automatically increases or decreases based on the number of average simultaneous connections. The type of load balance is layer 4 (TCP/SSL) and layer 7 (HTTP/HTTPS). The HTTP/HTTPS session from a client is terminated with LBI. By using Cookie, a session with a virtual server can be maintained. By registering the SSL certificate to the load balancer, SSL communications can be conducted from the client to the load balancer. Health Check The Cloud n Load Balancing Advanced service executes a health check on the virtual servers where the load is distributed, and, if a virtual server should fail to respond correctly, the virtual server is excluded from the destination of load distribution. Health checks also of excluded virtual servers are continuously executed, and an excluded virtual server is added to the destination of load distribution when it normally responds. As default, the health check of a virtual server is conducted with port 80 by using the TCP protocol. When the HTTP/HTTPS protocol is used for a health check, an access is made to a specific URL path, and a judgment is made depending on whether a successful response (a 200 number) is returned. Traffic to LBA is distributed with DNS round robin! DNS VM VM Internet User of an application program LBA itself scales up to process a large amount of traffic. VM 4
1-2) What Should Be Prepared in Advance To use Cloud n AutoScaling, the following prerequisites need to be prepared. Equipment to Connect to the Internet Prepare the equipment necessary to have an access to an intranet or the Internet such as a personal computer, a modem, and so forth. A Service to Connect to the Internet Prepare a service to connect to the Internet. Example: OCN Dial Access Service, OCN ADSL Connection Service, Super OCN, or other always-on connection service *An Internet connection service provided from some other company can be used. * If a proxy sever is used in the customer's company, check that "https (port number 443)" is open. Starting to Use the LBA Service From the Cloud n portal, start using the LBA service. For the method of starting to use the service, see section 3-1), "Starting to Use the Service" in "Cloud n Portal Operation Manual". 5
1-3) Starting to Use the LBA Service The use of the LBA service is started. 1 Login to the Cloudⁿ Portal, and hover the mouse over the "LBA" icon of the East Japan Region to view and click on "Sign Up Now". Click 2 The use of the LBA service is started. 6
2-1) Starting Up the LBA Console Start up the LBA console from the Cloud n Portal. 1 Login to the Cloudⁿ Portal, and hover the mouse over the "LBA" icon of the region of the use to view and click on "Console". Click 2 The LBA consol starts up in a new window, and "Load Balancing Advanced (LBA) List" is displayed as an initial screen. 7
3-1) Creating a New LBA (Basic Config) A new load balancer is created. 1 Click on the "Create (Basic Config)" button. 2 Enter the LBA name. If a listener needs to be added, fill in the listeners setting (LBA Protocol, LBA Port, Compute Protocol, Compute Port, and SSL Certificate), and click on the "Add" button. If HTTPS or SSL is selected as the LBA protocol, the SSL certificate is required. If TCP is selected as the Compute protocol, TCP or SSL can be selected as the LBA protocol. To fill in the SSL certificate, it is required to complete the registration of the SSL certificate in advance (see page 22). As default HTTP is included in the Listeners setting. If it is not required, it can be deleted. 8
3 3-1) Creating a New LBA (Basic Config) Check the Listeners setting, and click on the "OK" button. 4 An LBA is created when "OK" is clicked. The status changes from "Creating"to "Running" in several minutes, indicating the completion of creating the LBA. 9
3-2) Registering a Virtual Server under an LBA The following description uses a specific example to explain the method of registering a virtual server created separately on Compute (East Japan Region) to the load balancer created in section 3-1). 1 Click on the "Modify (Detailed Config)" button. 2 Click on "Instances". 10
3 3-2) Registering a Virtual Server under an LBA Select the virtual server to be registered to the LBA from "Your Instances (Unregistered with LBA)" in the lower part of the screen and click on the "Register Instances with LBA" button. 11
3-2) Registering a Virtual Server under an LBA 4 When a click is made on the "OK" button, the virtual server is registered to the LBA, and the virtual server registered to the "Instances Registered with LBA" is displayed. The status of the virtual server can be checked with a health check on the virtual server. "InService" denotes healthy servers, while "OutOfService denotes unhealthy servers. To conduct a health check, the health check setting needs to be completed in advance (see page 16). 12
3-3) Modifying an LBA (Detailed Setting) The Listeners setting (detailed setting) is to be made. 1 Click on the "Listeners" link. 2 The Listeners setting (detailed setting) of the LBA is to be made. Select a protocol, and click on the "Modify" button. 13
3 3-3) Modifying an LBA (Detailed Setting) Select the method of maintaining sessions. Select "Enable Load Balancer Generated Cookie Stickiness" and fill in the "Expiation Period". Or, select "Enable Application Generated Cookie Stickiness" and fill in the "Cookie Name". Check the settings, and click on the "OK" button. The Listeners settings (LBA Protocol, LBA Port, Compute Protocol, Compute Port, and SSL Certificate) can be also changed from the above screen. 14
4 3-3) Modifying an LBA (Detailed Setting) When a click is made on the "OK" button, the settings are changed. After the settings are hanged, the screen described above reappears. 15
3-3) Modifying an LBA (Detailed Setting) The health check settings are to be made. 5 Click on the "Health Check" link. 16
6 3-3) Modifying an LBA (Detailed Setting) Set up the method of the health check from the LBA to Compute, and click on the "OK" button. 17
7 3-3) Modifying an LBA (Detailed Setting) When a click is made on the "OK" button, the settings are changed. The screen does not change after the settings are changed. 18
3-3) Modifying an LBA (Detailed Setting) A security group (restriction on sending and receiving communications) is to be applied to the LBA. 8 Click on the "Security" link. 9 Select an applicable security group, and click on the "Apply" button. Make selection separately from the security groups having been created with the Compute (East Japan Region) service. 19
10 3-3) Modifying an LBA (Detailed Setting) When a click is made on the "OK" button, the settings are changed. The screen does not change after the settings are changed. 20
An LBA is to be deleted. 1 3-4) Deleting an LBA Select an LBA to be deleted, and click on the "Delete" button. 2 When a click is made on the "OK" button, the LBA is deleted. 21
An SSL certificate is to be registered. 1 3-5) Registering an SSL Certificate Click on the "SSL Certificates Registration" button. 2 Fill in "Certificate Name", "Private Key", "Certificate", and "Intermediate CA Certificate", and click on the "Register" button. 22
4-1) Precautions for Creating an LBA To use an LBA, it is required to use Compute and an LBA. Start using Compute form the Cloud n Portal. To define an alias of a DNS, use the Cloud n DNS. Upload SSL certificate documents in the X.509 PEM format. An SSL certificate registered to a listener cannot be deleted. When data is entered, pay attention not to enter a return code at the last. A session cannot be maintained if the LBA protocol is "TCP"/"SSL" with a listener. When Compute is registered, the Availability Zone of the LBA is changed depending on the Availability Zone of the Compute to be registered to the LBA. At this time, the following message appears: "To change the zone of the LBA, the list of LBA's is displayed. Do you want to continue?" Follow the message, and wait for the Availability Zone changing processing on the LBA list screen. As for the LBA, when Computes are registered, it is recommended that the same number of Computes should be assigned to each zone to distribute the load equally to each zone. 23