Radware s AppDirector and IBM s Lotus Domino Integration Guide

Radware s AppDirector and IBM s Lotus Domino Integration Guide Products: Radware AppDirector Software: AppDirector version 2.10.00 Platform: On-Demand Switch II XL http://www.radware.com/products/applicationdelivery/appdirector/default_techspec.aspx IBM Lotus Domino Software: Lotus Domino Client and Server release 8.5 Platform: IBM eserver xseries 336 (8837-HAX) http://www-03.ibm.com/systems/x/?cm_re=masthead-_-products-_-sys-xseries - 1 -

Table of Contents Joint Solution Overview...3 IBM Lotus Domino Overview...3 Benefits...3 Radware AppDirector Overview...4 AppDirector and Lotus Domino Integration...5 Diagram 1.0 - IBM Lotus Domino and AppDirector Validation Topology...6 Tests Conducted for Solution Validation...6 Table 1.0 - Test Conducted for Solution Validation...7 Subsystem Configurations and Deployment Notes...7 Lotus Domino Server Configuration...7 Diagram 2.0 - IBM Lotus Domino Server Replication Schema...8 Lotus Domino Client Configuration...9 Primary AppDirector Configuration...10 IP Configuration...11 Farm Configuration...12 Create Cache Policy...14 Create Compression Policy...15 Create SSL Certificate...16 Create SSL Policy...18 Create HTTP Policy...18 Create Layer 4 Policy...19 Configuring Select Server per Transaction for HTTP 1.1 Session Splitting...22 Configure Dynamic Layer 7 Persistency...23 Adding Servers to the Farms...24 Enabling Client NAT...28 Health Monitoring...29 Create the Health Monitoring Checks...30 Binding Health Checks to Servers...32 General Redundant Configuration Notes...34 Primary AppDirector VRRP Configuration...34 Primary Virtual Routers...35 Primary Associated IP Addresses...36 Primary Mirroring...38 Auto-Generate the Backup AppDirector Configuration...39 Setting up basic IP connectivity on the Backup AppDirector...39 Auto Generating the Backup Configuration from the Primary AppDirector...41 Upload the Backup Configuration file to the Backup AppDirector...42 Appendix...43 Appendix 1 - Primary AppDirector Configuration File...43 Appendix 2 - Backup AppDirector Configuration File...47-2 -

Joint Solution Overview The Radware and IBM Lotus Domino joint solution ensures IBM Lotus Domino customer s solution resilience, efficiency and scale. Radware s AppDirector guarantees Lotus Domino Business collaboration software maximum availability, scalability, performance and security, managing traffic for the Notes and Web services. AppDirector works in conjunction with IBM Lotus Domino servers to offload resource intensive processing, providing advanced health monitoring and avoiding system down time to deliver a best of breed subsystem. With a pay as you grow platform licensing model, AppDirector ensures long term investment protection facilitating incremental growth demanded by today s Business. Diagram 1.0 is a depiction of the intended deployment model. IBM Lotus Domino Overview IBM Lotus Domino software provides world-class collaboration capabilities that can be deployed as a core e-mail and enterprise scheduling infrastructure, as a business application platform, or both. Lotus Domino software and its client software options deliver a reliable, security-rich messaging and collaboration environment that helps companies enhance the productivity of people, streamline business processes and improve overall business responsiveness. Benefits Extends messaging with built-in collaboration tools Offers flexibility and choice in hardware platform, operating system, directory and client access Provides industry leading security features to help safeguard business-critical information Can help you reduce your total cost of ownership (TCO) by efficiently using CPU resources, network bandwidth and disk storage Maximizes server availability with advanced clustering, transaction logging, server fault recovery, and automated diagnostic tools Helps reduce time and costs associated with deploying and managing your infrastructure, through advanced administration features Supports Web services and open standards and offers tools for integration with existing applications Can contribute to rapid return on investment (ROI) with Lotus Domino software-powered solutions for your business processes, such as Customer Relationship Management, Supply Chain, and Project Tracking - 3 -

Can help protect the environment by minimizing the need for hardware oriented resources such as power consumption, memory, and data storage - as well as labor required for administrative tasks. Licensing Options Lotus Domino Messaging Server server for business e-mail, calendar, scheduling, discussion databases and more Lotus Domino Enterprise Server messaging server plus highly available platform to run custom or vendor applications Client Options IBM Lotus Notes software World class e-mail, calendar, scheduling, collaboration, and business mashups. IBM Lotus inotes software A flexible, high-function Web browser-based client option to use the reliable, security-rich messaging and collaboration capabilities of IBM Lotus Domino software, online and offline. IBM Lotus Notes Traveler software Wireless e-mail option that provides real-time synchronization of Lotus Domino e-mail and PIM data to supported mobile devices. For more information, please visit: http://ibm.com/software/lotus/notesanddomino Radware AppDirector Overview Radware s AppDirector is an intelligent application delivery controller (ADC) that provides scalability and application-level security for service infrastructure optimization, fault tolerance and redundancy. Radware combined its next-generation, OnDemand Switch multi-gigabit hardware platform with the powerful capabilities of the company s APSolute operating system classifier and flow management engine. The result AppDirector enables accelerated application performance; local and global server availability; and application security and infrastructure scalability for fast, reliable and secure delivery of applications over IP networks. AppDirector is powered by the innovative OnDemand Switch platform. OnDemand Switch, which has established a new price/performance standard in the industry, delivers breakthrough performance and superior scalability to meet evolving network and business requirements. Based on its on demand, pay-as-you-grow approach, no forklift upgrade is required even when new business requirements arise. This helps companies guarantee short-term and long-term savings on CAPEX and OPEX for full investment protection. Radware s OnDemand Switch enables customers to pay for the exact capacity currently required, while allowing - 4 -

them to scale their ADC throughput capacity and add advanced application-aware services or application acceleration services on demand to meet new or changing application and infrastructure needs. And it does it without compromising on performance. AppDirector lets you get the most out of your service investments by maximizing the utilization of service infrastructure resources and enabling seamless consolidation and high scalability. AppDirector s throughput licensing options allows pay as you grow investment protection. Make your network adaptive and more responsive to your dynamic services and business needs with AppDirector s fully integrated traffic classification and flow management, health monitoring and failure bypassing, traffic redirection, bandwidth management, intrusion prevention and DoS protection. For more information, please visit: http://www.radware.com/ AppDirector and Lotus Domino Integration Key features implemented on the AppDirector to support this solution: Service health monitoring Layer 7 load balancing Caching Compression SSL Offloading TCP Multiplexing VRRP - 5 -

Diagram 1.0 - IBM Lotus Domino and AppDirector Validation Topology Tests Conducted for Solution Validation The following tests were conducted to ensure the most appropriate solution was defined and validated. All tests were successfully completed using the AppDirector and IBM Lotus Domino configurations following Table 1.0. Load Distribution Tests Test Case Lotus Domino Notes User Community Traffic Management Lotus Domino Web Loadbalancing with Layer 7 Persistency Status PASS PASS - 6 -

Failover Tests Test Case Lotus Domino Notes User Community Primary/Backup Server Failover Lotus Domino Web Server Failover AppDirector Failover and Session State Mirroring Validation Status PASS PASS PASS Table 1.0 - Test Conducted for Solution Validation Subsystem Configurations and Deployment Notes The deployment notes section is meant to focus on the modification for Radware and Lotus Domino deviations from default settings. Where not specifically stated please follow normal installation instructions of the system. This is especially true for the IBM Lotus Domino Configurations. Lotus Domino Server Configuration The cluster includes 4 Domino Server running on Domino 8.5 Enterprise Server. The servers are arranged in two communities, See Diagram 1: Community 1 includes: Sx33625 (172.26.42.131) Primary Server Sx33626 (172.26.42.132) Backup Server Community 2 includes: Sx33629 (172.26.42.133) Primary Server Sx33630 (172.26.42.134) Backup Server The instructions at the following link have been used to install the Domino servers: http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/topic/com.ibm.help.domino.admin85.doc/d OC/H_INSTALLATION_OVER.html To configure the cluster the following instructions have been used: http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/topic/com.ibm.help.domino.admin85.doc/d OC/H_SETTING_UP_A_CLUSTER_OVER.html Replication was enabled among the server using the following schema, see Diagram 2. Note: For validation testing, only mail files were replicated. The clustered environment on the other hand allows replication for all the necessary Domino databases among all the servers. - 7 -

Diagram 2.0 - IBM Lotus Domino Server Replication Schema 1. From the Configuration Tab, select Servers, in the left navigation window All Server Documents to display the Server Table under the IBM Domain, similar to the one shown below: 2. From the Configuration Tab, select Replication, in the left navigation window to display the Replication Table under the IBM Domain, similar to the one shown below: - 8 -

3. From the Domain Directories, select People, in the left navigation window to display the User Table under the IBM Domain, similar to the one shown below: Note: 4 users were configured for validation, 2 for each community: New User1,2,3,4. The first two users have their mail file on Community 1 servers, the other 2 users on the Community 2 servers. Lotus Domino Client Configuration 1. From the File menu, select Contacts Advanced Connections to display the Server Connection Table page similar to the one shown below: Note: Bind both the Active and Backup Servers to the Domino Community FQDN, where the FQDN resolves the appropriate AppDirector Virtual IP Address (VIP). Binding the Servers from the "Via" field to the Radware hosted FQDN allows the AppDirector to manage server failover whenever either one of the Domino servers (Server3/IBM, Server4/IBM) becomes unavailable. Here are the mappings used for Radware validation: FQDN - Domino.smc.iic.ihost.com supporting VIP 172.26.42.152 for port 80 and 443 FQDN - DominoCommunity1.smc.iic.ihost.com supporting 172.26.42.152 for port 1352 FQDN - DominoCommunity2.smc.iic.ihost.com supporting 172.26.42.152 for port 1352 2. From the Server Connection Table page, select New to display the Server Connection Basics Tab similar to the one shown below: Note: Server4 was a logical name for server Sx33630, the backup server for DominoCommunity2.smc.iic.ihost.com. - 9 -

3. From the Server Connection Table page, select New to display the Server Connection Advanced Tab similar to the one shown below: Note: Server4 binding to DominoCommunity2.smc.iic.ihost.com. Primary AppDirector Configuration Using a serial cable and a terminal emulation program, connect to the AppDirector. The default console port settings are: Bits per Second: 19200 Data Bits: 8 Parity: None Stop Bits: 1 Flow Control: None 1. Using the following Command line, assign IP address 172.26.42.150/ 24 to interface G-1 of the AppDirector: net ip-interface create 172.26.42.150 255.255.255.0 G-1 pa 172.26.42.151 Note: Dedicated management interfaces are available on the AppDirector and should be used in best practice designs. For the sake of address consolidation, the production interface is also used for management in the validation testing design. To reference the dedicated management interface replace G-1 with MNG-1 or MNG-2. 2. Using a browser, connect to the management IP Address of the AppDirector (172.26.42.150) via HTTP or HTTPS. The default username and password are radware and radware. HTTPS is recommended because it is required for TLS/SSL configuration management which will be part of the configuration. Failure to establish a connection may be due to the following: Incorrect IP Address in the browser Incorrect IP Address or default route configuration in the AppDirector Failure to enable Web Based Management or Secure Web Based Management in the AppDirector - 10 -

If the AppDirector can be successfully pinged, attempt to connect to it via Telnet or SSH. If the pinging or the Telnet/SSH connection are unsuccessful, reconnect to the AppDirector via its console port. Once IP Configuration 1. From the menu, select Router IP Router Interface Parameters to display the IP Interface Parameters page similar to the one shown below: 2. On the IP Interface Parameters page, click the Create button to configure another interface if necessary. In this configuration we are using a one-armed designed and only a single interface was required. - 11 -

Farm Configuration 1. From the menu, select AppDirector Farms Farm Table to display the Farm Table page similar to the one shown below: 2. Click the Create button. 3. On the Farm Table Create page, enter the necessary parameters as shown below: 4. Click the Set button to save parameters. Note: The following two farms, Dom_Notes_Comm_1 and Dom_Notes_Comm_2 were created for separation of the Notes User Community traffic. The AppDirector is providing topology hiding and employs the ability to provide a geographically dispersed solution for Notes. Inside the two farms there is an active/backup relationship for the specific servers supporting a given community. There is a name dependency managed between the client and server and because RPC is a proprietary protocol and the name modification are not possible inside the ADC, we focus on high availability for all of Lotus Domino and loadbalance Web traffic. We also apply optimization techniques such as TCP Multiplexing, SSL Offloading for encrypted Web, Caching and Compression. Web traffic leverages dynamic layer 7 persistency based on session ID. Note: The Farm Aging Time, which determines client table entries inactivity timer was set to 1805 secs. or 30.5 min. This value was chosen because of a maximum heartbeat interval defined for mobile clients, 30 minutes. It may be possible to lower this value for specific implementations where mobile users are not included. - 12 -

5. On Farm Table page Click the Create button to configure another farm. enter the necessary parameters as shown below: 6. Click the Set button to save parameters. 7. On Farm Table page Click the Create button to configure another farm. enter the necessary parameters as shown below: 8. Click the Set button to save parameters. 9. Verify that the new entries are created on the Farm Table page: - 13 -

Create Cache Policy 1. From the menu, select AppDirector Layer 4 Traffic Redirection Caching Policies to display the Cache Policies page similar to the one shown below: 2. Click the Create button. 3. On the Cache Policies Create page, enter the necessary parameters as shown below. - 14 -

4. Click the Set button to save the parameters. Create Compression Policy 1. From the menu, select AppDirector Layer 4 Traffic Redirection Compression Policies to display the Compression Policies page similar to the one shown below: 2. Click the Create button. 3. On the Compression Policies Create page, enter the necessary parameters as shown below. - 15 -

Note: Hardware compression is a hardware option that must be supported. 4. Click the Set button to save the parameters. Create SSL Certificate 1. From the menu, select Security Certificates Table to display the Certificates Table page similar to the one shown below: 2. Click the Create button. 3. On the Certificates Table Create page, enter the necessary parameters as shown below. - 16 -

4. There will be a popup window displayed when you click on the Key Passphrase field, asking you to enter in a Passphrase, as shown below. 5. Click the Set button to save the Passphrase. 6. Click the Set button to save the Certificate parameters. 7. Verify that the new entries are created on the Certificate Table page: - 17 -

Create SSL Policy 1. From the menu, select AppDirector Layer 4 Traffic Redirection SSL Policies to display the SSL Policies page similar to the one shown below: 2. Click the Create button. 3. On the SSL Policies Create page, enter the necessary parameters as shown below. 4. Click the Set button to save the parameters. Create HTTP Policy 1. From the menu, select AppDirector Layer 4 Traffic Redirection HTTP Policies to display the HTTP Policies page similar to the one shown below: 2. Click the Create button. - 18 -

3. On the HTTP Policies Create page, enter the necessary parameters as shown below. 4. Click the Set button to save the parameters. Create Layer 4 Policy 1. From the menu, select AppDirector Layer 4 Traffic Redirection Layer 4 Policies to display the Layer 4 Policy Table page similar to the one shown below: 2. Click the Create button. 3. On the Layer 4 Policy Create page, enter the necessary parameters as shown below. - 19 -

4. Click the Set button to save the parameters. 5. On Layer 4 Policy Table page Click the Create button to configure another L4 Policy. Enter the necessary parameters as shown below: - 20 -

6. Click the Set button to save the parameters. 7. On Layer 4 Policy Table page Click the Create button to configure another L4 Policy. Enter the necessary parameters as shown below: Note: If only HTTPs is used for Web Lotus Domino access the policy previously defined is not necessary. The following HTTPs port 443 policy the way it is defined would provide the desired result. Both HTTP port 80 and HTTPs port 443 were defined for validation purposes of both protocols. 8. Click the Set button to save the parameters. 9. On Layer 4 Policy Table page Click the Create button to configure another L4 Policy. Enter the necessary parameters as shown below: - 21 -

10. Click the Set button to save the parameters. 11. Verify that the new entries were created on the Layer 4 Policy Table page: Configuring Select Server per Transaction for HTTP 1.1 Session Splitting 1. From the menu, select AppDirector Farms Extended Parameters to display the Extended Farm Parameters page similar to the one shown. - 22 -

2. Select the Dom_Web under the Farm Name to display the Extended Farm Parameters Update page, enter the necessary parameters as shown below: 3. Click the Set button to save parameters. Note: Select Server per Transaction ensures that when HTTP 1.1 is in use that new requests inside of an existing TCP connection are distributed to new servers to drive the most granular load distribution possible while honoring dynamic Cookie based persistency. Configure Dynamic Layer 7 Persistency 1. From the menu, select AppDirector Layer 7 Server Persistency Text Match to display the Text Match Session ID Persistency page similar to the one shown 2. Click the Create button. 3. On the Text Match Session ID Persistency Create page, enter the necessary parameters as shown below. - 23 -

Note: Here is an example of an IBM Lotus Domino Cookie: Cookie: Shimmer=SI_TLM:20090617T175403%2C73Z&ST_Counter:3&LAO:mail&PTMV:&ui: X&MOTLM:20090617T080101%2C05Z&V_TLM:20090617T175403%2C56Z&DBQS:27904%2C %200%2C%200%2C%200&SPRKL:1&CS_TLM:20090617T190528%2C04Z&KOSCZ:Pacific&Fr ametitle:message&fisd:1&scdictid:&notesforme816ac8f0cbba123882575d800631f0e:me mo 4. Click the Set button to save parameters. 5. Verify that the new entry was created on the Text Match Session ID Persistency page: Adding Servers to the Farms 1. From the menu, select AppDirector Servers Application Servers Table to display the Server Table page similar to the one shown. - 24 -

2. Click the Create button 3. On the Server Table Create page, enter the necessary parameters as shown below: Note: Client NAT will be used in this configuration but in the following steps we will enable it globally affecting all farms and servers. 4. Click the Set button to save parameters. 5. On Server Table page Click the Create button to configure another server. enter the necessary parameters as shown below: Note: Operational Mode and Backup Server Address are both logically assigned according to the Notes Community Clustering logic which is defined on Diagram 1. 6. Click the Set button to save parameters. - 25 -

7. On Server Table page Click the Create button to configure another server. enter the necessary parameters as shown below: 8. Click the Set button to save parameters. 9. On Server Table page Click the Create button to configure another server. enter the necessary parameters as shown below: 10. Click the Set button to save parameters. 11. On Server Table page Click the Create button to configure another server. enter the necessary parameters as shown below: - 26 -

12. Click the Set button to save parameters. 13. Repeat steps 11-12 to create the one additional servers for the Dom_Web Farm, whose information is defined as follows: Note: Details for the Dom_Web servers, are configured alike. Server 2 Name = Sx33629, IP Address 172.26.42.133 14. Verify that the new entries were created on the Server Table page: - 27 -

Enabling Client NAT 1. From the menu, select AppDirector NAT Client NAT Client NAT Quick Setup to display the Client NAT Quick Setup page similar to the one shown. 2. On the Client NAT Quick Setup page, enter the necessary parameters as shown below: 3. Click the Set button to save parameters. 4. From the menu, select AppDirector NAT Client NAT Intercept Addresses to display the Client NAT Intercept Table page similar to the one shown. - 28 -

5. Click the Create button. 6. On the Client NAT Intercept Table Create page, enter the necessary parameters as shown below. Note: The range defined will intercept all client IP addresses. 7. Click the Set button to save the parameters. Health Monitoring 1. From the menu, select Health Monitoring Global Parameters to display the Health Monitoring Global Parameters page. 2. On the Health Monitoring Global Parameters page, change the parameters as shown below: 3. Click the Set button to save parameters. - 29 -

Create the Health Monitoring Checks. 1. From the menu, select Health Monitoring Check Table to display the Health Monitoring Check Table page similar to the one shown below: 2. Click the Create button. 3. Create a set of health checks for the Lotus Domino Notes servers. On the Health Monitoring Check Table Create page, enter the necessary parameters as shown below: 4. Click the Set button to save parameters. 5. Repeat steps 3-4 to create the health checks for the following Notes Servers: Note: All four Notes Servers health checks are configured logically alike. Check 2 Name = Sx33626_1352_Port_Check, IP Address 172.26.42.132 Check 3 Name = Sx33629_1352_Port_Check, IP Address 172.26.42.133 Check 4 Name = Sx33630_1352_Port_Check, IP Address 172.26.42.134-30 -

6. Create a set of health checks for the Lotus Domino Web servers. On the Health Monitoring Check Table Create page, enter the necessary parameters as shown below: 7. Before clicking the Set button, choose the button next to Arguments to populate the specific logic settings related to the method for this check. 8. Enter the information below: Note: Where Hostname matches the servers FQDN, Sx33625.smc.iic.ihost.com. - 31 -

9. Click the Set button for the Method Arguments and click the Set button again in the Health Monitoring Check Table Create window. 10. Repeat steps 6-9 to create the health checks for the following Web Server: Note: Both Web Servers health checks are configured logically alike. Check 2 Name = Sx33629_HTTP_Check, IP Address 172.26.42.133 11. Verify the new entries were created on the Health Monitoring Check Table Note: The status of this check may display Unknown until the server replies successfully to the AppDirector s check. Binding Health Checks to Servers 1. From the menu, select Health Monitoring Binding Table to display the Health Monitoring Binding Table page similar to the one shown below: 2. Click the Create button. - 32 -

3. Create the health check binding for the Notes servers. On the Health Monitoring Binding Table Create page, enter the necessary parameters as shown below: 4. Click the Set button to save parameters. 5. Repeat steps 2-4 to bind the health checks for the following Notes Farms/Servers: Note: All four Notes Servers health bindings are logically alike. Check 2 Name: Sx33626_1352_Port_Check, Server: Farm Dom_Notes_Comm_1-172.26.42.132 Check 3 Name: Sx33629_1352_Port_Check, Server: Farm Dom_Notes_Comm_2-172.26.42.133 Check 4 Name: Sx33630_1352_Port_Check, Server: Farm Dom_Notes_Comm_2-172.26.42.134 6. Click the Create button. 7. Create the health check binding for the Web servers. On the Health Monitoring Binding Table Create page, enter the necessary parameters as shown below: 8. Click the Set button to save parameters. 9. Repeat steps 6-8 to bind the health checks for the following Web Farm/Server: Note: Both Web Servers health bindings are logically alike. Check 2 Name: Sx33629_HTTP_Check, Server: Farm Dom_Web - 172.26.42.133 10. Verify that the new entries were created on the Health Monitoring Binding Table page: - 33 -

General Redundant Configuration Notes For complete high-availability, Radware encourages implementing pairs of AppDirector units in an Active / Backup configuration. If your implementation of this architecture includes only a single AppDirector, then it is unnecessary to follow the steps in this section. Primary AppDirector VRRP Configuration 1. From the menu, select AppDirector Redundancy Global Configuration and set the parameters as noted below: - 34 -

2. Click the Set button to save these changes. Primary Virtual Routers 1. From the menu, select AppDirector Redundancy VRRP Virtual Routers to display the Virtual Router Table page similar to the one shown below. 2. Click the Create button 3. On the Virtual Router Table page, enter the necessary parameters as shown below. - 35 -

4. Click the Set button to save the parameters. 5. Verify that the new entries were created on the Virtual Router Table page: Primary Associated IP Addresses 1. From the menu, select AppDirector Redundancy VRRP Associated IP Addresses to display the Associated IP Addresses page similar to the one shown below: 2. Click the Create button 3. On the Associated IP Addresses Create page, enter the necessary parameters as shown below: - 36 -

4. Click the Set button to save the parameters 5. Repeat steps 2-4 to create the associated IP Addresses for the Layer 4 policy virtual IP address and client NAT address. These defintions will ensure proper ARP management by the backup device during failures. Note: Additional IP addresses are defined as follows: 172.26.42.152 Lotus Domino Web and Notes Community 1 VIP 172.26.42.153 Lotus Domino Notes Community 2 VIP 172.26.42.155 Client NAT address used to ensure symmetric routing in a one armed design. 6. Verify that the new entries were created on the Associated IP Addresses page: 7. Go to AppDirector Redundancy VRRP Virtual Routers and raise all of the Virtual interfaces to up by selecting VRIDs to All Up click the Set button to save the parameters. - 37 -

8. Make certain that the State of this VR is displayed as Master in the Virtual Router table: Primary Mirroring 1. Go to AppDirector Redundancy Mirroring Active Device Parameters and set the Client Table Mirroring status to enable: 2. Click the Set button to save the parameters. 3. From the menu, select AppDirector Redundancy Mirroring Mirror Device Parameters to display the Mirror Device Parameters page similar to the one shown below. - 38 -

4. Click the Create button 5. On the Mirror Device Parameters page, enter the necessary parameters as shown below: Note: This sets the Backup AD IP used as the target address for mirroring traffic. 6. Click the Set button to save the parameters. This completes the configuration of the Primary AppDirector. Auto-Generate the Backup AppDirector Configuration Once the Backup AppDirector is configured for basic IP connectivity and is available to the network, simply export the Backup Configuration file from the Primary AppDirector and upload it to the Backup AppDirector. The steps are defined below. Setting up basic IP connectivity on the Backup AppDirector Using a serial cable and a terminal emulation program, connect to the AppDirector. The default console port settings are: Bits per Second: 19200 Data Bits: 8 Parity: None Stop Bits: 1 Flow Control: None - 39 -

1. Using the following Command line, assign IP address 172.26.42.151/ 24 to interface G-1 of the AppDirector: net ip-interface create 172.26.42.151 255.255.255.0 G-1 pa 172.26.42.150 Note: Dedicated management interfaces are available on the AppDirector and should be used in best practice designs. For the sake of address consolidation, the production interface is also used for management in the validation testing design. To reference the dedicated management interface replace G-1 with MNG-1 or MNG-2. 2. Using a browser, connect to the management IP Address of the AppDirector (172.26.42.151) via HTTP or HTTPS. The default username and password are radware and radware. HTTPS is recommended because it is required for TLS/SSL configuration management which will be part of the configuration. Failure to establish a connection may be due to the following: Incorrect IP Address in the browser Incorrect IP Address or default route configuration in the AppDirector Failure to enable Web Based Management or Secure Web Based Management in the AppDirector If the AppDirector can be successfully pinged, attempt to connect to it via Telnet or SSH. If the pinging or the Telnet/SSH connection are unsuccessful, reconnect to the AppDirector via its console port. - 40 -

Auto Generating the Backup Configuration from the Primary AppDirector 1. From the web interface menu of the Primary AppDirector, select File Configuration Receive from Device to display the Download Configuration File page similar to the one shown below: Note: Switch from the Backup to Primary AppDirector to auto-generate the Backup configuration file. 2. On the Configuration File Download page, choose the necessary parameters as shown below: 3. Click the Set button to launch save file window. - 41 -

4. Click the SAVE button to save the file to a local directory. Upload the Backup Configuration file to the Backup AppDirector 1. From the web interface menu of the Backup AppDirector, select File Configuration Send to Device to display the Configuration File Upload page similar to the one shown below: Note: Clicking the Browse button and navigate to the updated configuration file. 2. Click the Set button to upload the configuration. The Backup device will reboot and be ready for use. This completes the configuration of the Backup AppDirector. - 42 -

Appendix Appendix 1 - Primary AppDirector Configuration File!Device Configuration!Date: 17-06-2009 21:14:11!DeviceDescription: AppDirector with Cookie Persistency!Base MAC Address: 00:03:b2:4b:16:40!Software Version: 2.10.00 (Build date Apr 7 2009, 22:33:12,Build#150)!APSolute OS Version: 10.31-03.05(40):2.06.09!!! The following commands will take effect only! once the device has been rebooted!! manage snmp versions-after-reset set "v1 & v2c & v3"!! The following commands take effect immediately! upon execution!! health-monitoring check create Sx33625_1352_Port_Check -id 0 -m\ "TCP Port" -p 1352 -r 3 -t 2 -d 172.26.42.131 health-monitoring check create Sx33626_1352_Port_Check -id 1 -m\ "TCP Port" -p 1352 -r 3 -t 2 -d 172.26.42.132 health-monitoring check create Sx33629_1352_Port_Check -id 2 -m\ "TCP Port" -p 1352 -r 3 -t 2 -d 172.26.42.133 health-monitoring check create Sx33630_1352_Port_Check -id 3 -m\ "TCP Port" -p 1352 -r 3 -t 2 -d 172.26.42.134 health-monitoring check create Sx33625_HTTP_Check -id 4 -m HTTP -p 80 -a \ PATH=/ HOST=Sx33625.smc.iic.ihost.com MTD=G PRX=N NOCACHE=N C1=200 -r 3 -t \ 2 -d 172.26.42.131 health-monitoring check create Sx33629_HTTP_Check -id 6 -m HTTP -p 80 -a \ PATH=/ HOST=Sx33629.smc.iic.ihost.com MTD=G PRX=N NOCACHE=N C1=200 -r 3 -t \ 2 -d 172.26.42.133 net ip-interface create 172.26.42.150 255.255.255.128 G-1 -pa \ 172.26.42.151 net route table create 0.0.0.0 0.0.0.0 172.26.42.129 -i G-1 redundancy mode set VRRP appdirector farm table setcreate Dom_Notes_Comm_1 -at 1805 -cm\ "No Checks" -sm RemoveOnSessionEnd-EPS appdirector farm table setcreate Dom_Web -at 1805 -cm "No Checks" -sm \ RemoveOnSessionEnd-SPS appdirector farm table setcreate Dom_Notes_Comm_2 -at 1805 -cm\ "No Checks" -sm RemoveOnSessionEnd-EPS appdirector farm server table create Dom_Notes_Comm_1 172.26.42.131 None \ -sn Sx33625 -id 1 -cn Enabled -sd Primary_Comm_1 -ba 172.26.42.132 appdirector farm server table create Dom_Notes_Comm_1 172.26.42.132 None \ -sn Sx33626 -om Backup -id 2 -cn Enabled -sd Backup_Comm_1 -ba \ 172.26.42.131 appdirector farm server table create Dom_Notes_Comm_2 172.26.42.133 None \ -sn Sx33629 -id 3 -cn Enabled -sd Primary_Comm_2 -ba 172.26.42.134 appdirector farm server table create Dom_Notes_Comm_2 172.26.42.134 None \ -sn Sx33630 -om Backup -id 4 -cn Enabled -sd Backup_Comm_2 -ba \ 172.26.42.133 appdirector farm server table create Dom_Web 172.26.42.131 None -sn \ Sx33625 -id 5 -cn Enabled -sd Web_Cluster - 43 -

appdirector farm server table create Dom_Web 172.26.42.133 None -sn \ Sx33629 -id 7 -cn Enabled -sd Web_Cluster redundancy interface-group set Enabled redundancy mirror main client-status set Enabled redundancy mirror address setcreate 172.26.42.151 redundancy backup-in-vlan set Disabled appdirector farm connectivity-check httpcode setcreate Dom_Notes_Comm_1\ "200 - OK" appdirector farm connectivity-check httpcode setcreate Dom_Web "200 - OK" appdirector farm connectivity-check httpcode setcreate Dom_Notes_Comm_2\ "200 - OK" redundancy backup-fake-arp set Enabled net next-hop-router setcreate 172.26.42.129 -id 0 -fl 1 appdirector farm nhr setcreate 0.0.0.0 -ip 172.26.42.129 -fl 1 appdirector farm extended-params set Dom_Notes_Comm_1 -nr 172.26.42.155 appdirector farm extended-params set Dom_Web -nr 172.26.42.155 -st \ Enabled appdirector farm extended-params set Dom_Notes_Comm_2 -nr 172.26.42.155 appdirector nat client address-range setcreate 172.26.42.155 -t \ 172.26.42.155 appdirector nat client range-to-nat setcreate 0.0.0.1 -t 255.255.255.254 redundancy backup-interface-group set Enabled system internal appdirector full-session-id-table setcreate Dom_Web 80\ TCP -k "Shimmer" -l Cookie -t 1805 -fl 0 appdirector segmentation nhr-table setcreate DefaultNHR -ip \ 172.26.42.129 -fl 1 appdirector l4-policy ssl-policy create SSL_for_Domino_Web -c Domino -r \ Enabled appdirector l4-policy compression create Domino_Web_Comp -pe Hardware appdirector l4-policy caching create Domino_Web_Cache appdirector l4-policy http-policy create Dom_Web_TCP_Multiplex -m \ Enabled appdirector l4-policy table create 172.26.42.152 TCP 1352 0.0.0.0\ Dom_Notes_Comm_1 -fn Dom_Notes_Comm_1 appdirector l4-policy table create 172.26.42.153 TCP 1352 0.0.0.0\ Dom_Notes_Comm_2 -fn Dom_Notes_Comm_2 appdirector l4-policy table create 172.26.42.152 TCP 443 0.0.0.0\ SSL_Domino_Web_Cluster -fn Dom_Web -ta HTTPS -sl SSL_for_Domino_Web -co \ Domino_Web_Comp -ca Domino_Web_Cache -ht Dom_Web_TCP_Multiplex appdirector l4-policy table create 172.26.42.152 TCP 80 0.0.0.0\ Dom_Web_Cluster -fn Dom_Web -ta HTTP -co Domino_Web_Comp -ca \ Domino_Web_Cache -ht Dom_Web_TCP_Multiplex redundancy vrrp automated-config-update set Enabled redundancy mirror main sid-status set Enabled redundancy global-configuration failure-action set Ignore health-monitoring binding create 0 1 health-monitoring binding create 4 5 health-monitoring binding create 1 2 health-monitoring binding create 2 3 health-monitoring binding create 6 7 health-monitoring binding create 3 4 health-monitoring status set enable health-monitoring response-level-samples set 0 redundancy vrrp virtual-routers create G-1 1 -as Up -p 255 -pip \ 172.26.42.150 -pm False redundancy vrrp associated-ip create G-1 1 172.26.42.152 redundancy vrrp associated-ip create G-1 1 172.26.42.153 redundancy vrrp associated-ip create G-1 1 172.26.42.155 redundancy vrrp associated-ip create G-1 1 172.26.42.150 manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm manage telnet status set enable manage telnet server-port set 23 manage web status set enable - 44 -

manage ssh status set enable manage secure-web status set enable redundancy arp-interface-group set Send net l2-interface set 100001 -ad up redundancy vrrp global-advertise-int set 0 manage terminal prompt set AppDirector_Primary manage snmp groups create SNMPv1 public -gn initial manage snmp groups create SNMPv1 ReadOnlySecurity -gn InitialReadOnly manage snmp groups create SNMPv2c public -gn initial manage snmp groups create SNMPv2c ReadOnlySecurity -gn InitialReadOnly manage snmp groups create UserBased radware -gn initial manage snmp groups create UserBased ReadOnlySecurity -gn InitialReadOnly manage snmp access create initial SNMPv1 noauthnopriv -rvn iso -wvn iso \ -nvn iso manage snmp access create InitialReadOnly SNMPv1 noauthnopriv -rvn \ ReadOnlyView manage snmp access create initial SNMPv2c noauthnopriv -rvn iso -wvn iso \ -nvn iso manage snmp access create InitialReadOnly SNMPv2c noauthnopriv -rvn \ ReadOnlyView manage snmp access create initial UserBased authpriv -rvn iso -wvn iso \ -nvn iso manage snmp access create InitialReadOnly UserBased authpriv -rvn \ ReadOnlyView manage snmp views create iso 1 manage snmp views create ReadOnlyView 1 manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.2.7.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.18.1.1 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.15.1.2.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.4.1.89.35.1.61 -cm \ excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.2 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.4 -cm excluded manage snmp views create ReadOnlyView 1.3.6.1.6.3.16.1.5 -cm excluded manage snmp notify create alltraps -ta v3traps manage snmp global engine-id set 80000059030003b24b1640 manage snmp users create radware -cf 0.0 -ap MD5 -akc \ 5efe7eb262018b74de977d1091aff3f9 -pp DES -pkc \ 5efe7eb262018b74de977d1091aff3f9 manage snmp target-address create v3mngstations -tl v3traps -p \ radware-authpriv manage snmp target-parameters create public-v1 -d SNMPv1 -sm SNMPv1 -sn \ public -sl noauthnopriv manage snmp target-parameters create public-v2 -d SNMPv2c -sm SNMPv2c -sn \ public -sl noauthnopriv manage snmp target-parameters create radware-authpriv -d SNMPv3 -sm \ UserBased -sn radware -sl authpriv manage snmp community create public -n public -sn public manage telnet session-timeout set 5 manage telnet auth-timeout set 30 system diagnostics policies setcreate any -tr Disabled system diagnostics capture output file set "ram drive and flash" system diagnostics capture output term set Disabled system diagnostics capture point set on-packet-arrive redundancy force-down-ports-time set 0 system diagnostics capture traffic-match-mode set "Inbound and Outbound" appdirector global connectivity-check tcp-timeout set 3 security certificate table \ Name: Domino \ Type: key \ Passphrase: ertr+aqdgcw4lqnq245vo4vfeq0stn/o \ -----BEGIN RSA PRIVATE KEY----- \ Proc-Type: 4,ENCRYPTED \ - 45 -

DEK-Info: DES-CBC,7648BABF7AFE818C \ \ 9fFENSRMBAhA2QIJHM/L28nQU6t7Tl67CyghPOzoZM1RwmLdlPgPO8J+jBOGEyX5 \ ebqkfnfdaamxi97ijoa5opmsgxfij8d0bx8joccu0xznin+++w/w9ix8lpmvkadm \ MP+tbvAwnph8rEsmYcNke5sHsVXWglH6BckzQ1wUr4Q0w/l9gAcu9swPJCTwBbXc \ lhrovkgh78lptmmq7mgcxhzlubkydnfagjnpgmcqbjlfpv/qcbp3zm4nwrhafszj \ xu/hrwn9bfzkblbttloqp+4o+vx4taekcg3mixhwzqcevfy++vqkewfhczszoapo \ GPBWAQOe69JN/NpdLWsnXWL6u2VXtTHDa2UnOdXnT7M2alRhFfJ9P8XVH/MF0KVi \ VHcmg++x0JXr7P1NUpYRH4vWvE/FcjoRgiwSVlDtgWJ2A9VhRKoio2dFu6Rzm4Lm \ yk/gnwocmqk8kcvnbxdmtpiz7crg7r57i1jlgb5ndywzeczdllsqifmc8p8l9jud \ d4vyxpryyydcoqlyq2ezsqejnepbcfoselofqdvdc9fgowqo/rgltict6zzvyz1g \ 6zUoR9bvfyt2v+0tGKTCSS67jBrvPfdvtDxxNDrvNJpl1uEchQXuQfWi97v2uGZN \ MOrLTlq7Q40mLzLoFPBDsxbtTO1BMQa2agWVV3EEv90q1UsuZMwh1+riRXeQ1afJ \ p4na4ywkrdz/f69k3l/zwbotfxvojfws1wtec1jeirqfgpstclo5acv5nuv4rdwy \ CzYyeX3DSeLBHVIj3zZ0ahM/dIahulOuU2LTgMnfWxHnofGZ6dgzTw== \ -----END RSA PRIVATE KEY----- \ Name: Domino \ Type: certificate \ -----BEGIN CERTIFICATE----- \ MIICnDCCAgUCAnpiMA0GCSqGSIb3DQEBBAUAMIGVMQswCQYDVQQGEwJVUzELMAkG \ A1UECBMCQ0ExEjAQBgNVBAcTCVNhbiBNYXRlbzEaMBgGA1UEAxMRc21jLmlpYy5p \ ag9zdc5jb20xddakbgnvbaota0lctteqma4ga1uecxmhvgvzdgluzzepmccgcsqg \ SIb3DQEJARYaZG9taW5vZXZlbnRtYW5hZ2VyQElCTS5jb20wHhcNMDkwNjE1MTUz \ NzA3WhcNMTAwNjE1MTUzNzA3WjCBlTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB \ MRIwEAYDVQQHEwlTYW4gTWF0ZW8xGjAYBgNVBAMTEXNtYy5paWMuaWhvc3QuY29t \ MQwwCgYDVQQKEwNJQk0xEDAOBgNVBAsTB1Rlc3RpbmcxKTAnBgkqhkiG9w0BCQEW \ GmRvbWlub2V2ZW50bWFuYWdlckBJQk0uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN \ ADCBiQKBgQD5vJGa332IZea59V+7SL5JKT4/sWLg+VzjFJpHRw0NNMSigIXdBDvw \ 2awQ9kJuRstKMiZeZtIi/hnFRgRhbxPWChiU0eAnFLAOa5cv66OXshM+/kZ1zGg7 \ FZTdTOrs0ehkMqKVJyTBRHVDnjD2+dwA2vg7zfzLlHWNuWPRKUNuQQIDAQABMA0G \ CSqGSIb3DQEBBAUAA4GBAMmw/zxBHoCJtgUIz5j+B7OQyb6Ok0cVb6N9Gh3SW/tx \ bgyc/jtxkffwu9oaw4ggjy4rnuy0sqmhsqb2lnnsejrq9la7izsbz+etrcj1qube \ Axw0wlek/CtirkloYoeDVcksZiYgXiA2qqa5j4yrkjZg2e7fOCX8DUQBuaCDoOU9 \ -----END CERTIFICATE----- \ Name: radware \ Type: key \ Passphrase: GndridF04zNWSGOrZjKFV78REiEra/Qm \ -----BEGIN RSA PRIVATE KEY----- \ Proc-Type: 4,ENCRYPTED \ DEK-Info: DES-CBC,32BDB7BB743282D3 \ \ GNX0oLdbRLot4JrZFLOCdndT2zzBqrg00EN/Kqvx4VIK/9VB6Fh8DORPQI5Af27c \ yingnh2+gqdg7g6ficfdhntsvyykym/gqybpixjul+rewumkbkpp6zjg2hmuhlew \ ahu/9+clkaaol+rqwtvvswdmuzfk7o/qywqqnfeqgszodh5ztsjdpw1/vx5dqxxs \ xxw4gmg46ahnboz86lvhs4lldnlgehx5f1ywtub+eriwa3xp+3c3cqzkbuqkcmwu \ 0IcEauKVFSEt6+UH/TpN52+oaqYwi5VCGsu6QCFuS5E19MsltwFcFxkzYSCzAI57 \ e3jml/ufhy+ofebcu7deofos2owehvqe9mxbg+aouxzmnuxp4kz4jp+v+j1um44n \ pnu2s2exk29y7/9szfvmtzaihilpmfm3oaziji8zdjyttc1p6+foba== \ -----END RSA PRIVATE KEY----- \ Name: radware \ Type: certificate \ -----BEGIN CERTIFICATE----- \ MIIB1zCCAYECAiLyMA0GCSqGSIb3DQEBBAUAMHYxCzAJBgNVBAYTAlVTMRAwDgYD \ VQQIEwdSYWR3YXJlMRAwDgYDVQQHEwdSYWR3YXJlMRQwEgYDVQQDEwsxOS4xNjgu \ MS41MDEQMA4GA1UEChMHUmFkd2FyZTEbMBkGA1UECxMSUmFkd2FyZSB3ZWIgc2Vy \ dmvymb4xdta5mdywote4nti0n1oxdtewmdywote4nti0n1owdjelmakga1uebhmc \ VVMxEDAOBgNVBAgTB1JhZHdhcmUxEDAOBgNVBAcTB1JhZHdhcmUxFDASBgNVBAMT \ CzE5LjE2OC4xLjUwMRAwDgYDVQQKEwdSYWR3YXJlMRswGQYDVQQLExJSYWR3YXJl \ IHdlYiBzZXJ2ZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwulLF6y37+NJ5xw6 \ DYaZLdn1kgGZzzboBt2Qsw/bpQBl3dWk3fQrKqqgg8lLKPRpp62XlLK5WG1KPVD/ \ 1vx3DwIDAQABMA0GCSqGSIb3DQEBBAUAA0EAtJ8La4DDo+Dp2zSIecZUZvmcwOlH \ EAvsADKT3kPdAhJ1d9pxzfyZ9tKMKJVUdrh4Gdo8cnOvKz8dATa08lsu4w== \ -----END CERTIFICATE----- \ - 46 -

Name: rdwrhmm \ Type: key \ Passphrase: kkf03uzhqa90e85de5zmmojqmq6wxfic \ -----BEGIN RSA PRIVATE KEY----- \ Proc-Type: 4,ENCRYPTED \ DEK-Info: DES-CBC,216FCA578B394222 \ \ v5xzav7hzkdm9baid8erpi+f5hiqvqqk7xx1e0p+dgrjd6e2fqtbzznqtwm9p3ue \ rrevdhqhooeajchxqz9ogke6aouqxfljiewjdqqangawwuhx4fktsl5epp5mebva \ KgwgL7nmowt4+HLp0+eEsv/a+ypBcnfkOSzBhIF7EGvcr3JHMh3w4IqHCJ2z26UL \ T23HhFY8k2VwlmB+KgUXiIxBvN2ulDW+PLjxTazxe97x8cA29BZnN823o49tZ1Z5 \ mpydxhbdy3s3oc/zv1kfi/qdbtxdahhdog+sruhko2mwpyyxzgwrbjrnnmgb1fhv \ R2PuwC8SjuXW6hmlDqnTs0IM3Y6mV/yc7YYLJ1nTfHu/EdxuwO6Tzt1M1HKZpvla \ msbg34h5di7wnocd8h/z4kyzr4e7bvpgmvdgyrwns/y= \ -----END RSA PRIVATE KEY----- \ Name: rdwrhmm \ Type: certificate \ -----BEGIN CERTIFICATE----- \ MIIB8zCCAZ0CAhPqMA0GCSqGSIb3DQEBBAUAMIGDMQswCQYDVQQGEwJVUzEQMA4G \ A1UECBMHUmFkd2FyZTEQMA4GA1UEBxMHUmFkd2FyZTEaMBgGA1UEAxMRUlcgU1NM \ IG1vbml0b3JpbmcxEDAOBgNVBAoTB1JhZHdhcmUxIjAgBgNVBAsTGVJhZHdhcmUg \ SGVhbHRoIE1vbml0b3JpbmcwHhcNMDkwNjA5MTg1MjQ3WhcNMTAwNjA5MTg1MjQ3 \ WjCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB1JhZHdhcmUxEDAOBgNVBAcTB1Jh \ ZHdhcmUxGjAYBgNVBAMTEVJXIFNTTCBtb25pdG9yaW5nMRAwDgYDVQQKEwdSYWR3 \ YXJlMSIwIAYDVQQLExlSYWR3YXJlIEhlYWx0aCBNb25pdG9yaW5nMFwwDQYJKoZI \ hvcnaqebbqadswawsajbalu5u3sgf6wevhmr7edtwmkzznijvvbengw4k3ujwxlk \ 4EOHg5YC+h6RIzTPeXH/ApKZ+BCWYirhaP8MM8mDOpUCAwEAATANBgkqhkiG9w0B \ AQQFAANBAJj5aKcbnUtxvdwiJIA5laPX4/RN6KfQKUVy2Q26xIVfONo2ES6AJK6l \ UjB13mweWmry7/2Aa7+sLif03fj4tq0= \ -----END CERTIFICATE-----!File Signature: 1f2e4f6764f8dc8e6f9a076eaae3539f Appendix 2 - Backup AppDirector Configuration File!Device Configuration!Date: 18-06-2009 15:22:06!DeviceDescription: AppDirector with Cookie Persistency!Base MAC Address: 00:03:b2:4b:16:00!Software Version: 2.10.00 (Build date Apr 7 2009, 22:33:12,Build#150)!APSolute OS Version: 10.31-03.05(40):2.06.09!!! The following commands will take effect only! once the device has been rebooted!! manage snmp versions-after-reset set "v1 & v2c & v3"!! The following commands take effect immediately! upon execution!! health-monitoring check create Sx33625_1352_Port_Check -id 0 -m\ "TCP Port" -p 1352 -r 3 -t 2 -d 172.26.42.131 health-monitoring check create Sx33626_1352_Port_Check -id 1 -m\ "TCP Port" -p 1352 -r 3 -t 2 -d 172.26.42.132-47 -

health-monitoring check create Sx33629_1352_Port_Check -id 2 -m\ "TCP Port" -p 1352 -r 3 -t 2 -d 172.26.42.133 health-monitoring check create Sx33630_1352_Port_Check -id 3 -m\ "TCP Port" -p 1352 -r 3 -t 2 -d 172.26.42.134 health-monitoring check create Sx33625_HTTP_Check -id 4 -m HTTP -p 80 -a \ PATH=/ HOST=Sx33625.smc.iic.ihost.com MTD=G PRX=N NOCACHE=N C1=200 \ -r 3 -t 2 -d 172.26.42.131 health-monitoring check create Sx33629_HTTP_Check -id 6 -m HTTP -p 80 -a \ PATH=/ HOST=Sx33629.smc.iic.ihost.com MTD=G PRX=N NOCACHE=N C1=200 \ -r 3 -t 2 -d 172.26.42.133 net ip-interface create 172.26.42.151 255.255.255.128 G-1 -pa \ 172.26.42.150 net route table create 0.0.0.0 0.0.0.0 172.26.42.129 -i G-1 redundancy mode set VRRP system mib2-name set AppDirector_Secondary appdirector farm table setcreate Dom_Notes_Comm_1 -at 1805 -cm\ "No Checks" -sm RemoveOnSessionEnd-EPS appdirector farm table setcreate Dom_Web -at 1805 -cm "No Checks" -sm \ RemoveOnSessionEnd-SPS appdirector farm table setcreate Dom_Notes_Comm_2 -at 1805 -cm\ "No Checks" -sm RemoveOnSessionEnd-EPS appdirector farm server table create Dom_Notes_Comm_1 172.26.42.131 None \ -sn Sx33625 -id 1 -cn Enabled -sd Primary_Comm_1 -ba 172.26.42.132 appdirector farm server table create Dom_Notes_Comm_1 172.26.42.132 None \ -sn Sx33626 -om Backup -id 2 -cn Enabled -sd Backup_Comm_1 -ba \ 172.26.42.131 appdirector farm server table create Dom_Notes_Comm_2 172.26.42.133 None \ -sn Sx33629 -id 3 -cn Enabled -sd Primary_Comm_2 -ba 172.26.42.134 appdirector farm server table create Dom_Notes_Comm_2 172.26.42.134 None \ -sn Sx33630 -om Backup -id 4 -cn Enabled -sd Backup_Comm_2 -ba \ 172.26.42.133 appdirector farm server table create Dom_Web 172.26.42.131 None -sn \ Sx33625 -id 5 -cn Enabled -sd Web_Cluster appdirector farm server table create Dom_Web 172.26.42.133 None -sn \ Sx33629 -id 7 -cn Enabled -sd Web_Cluster redundancy interface-group set Enabled redundancy mirror backup status set Enabled redundancy mirror main client-status set Enabled redundancy mirror address setcreate 172.26.42.150 redundancy backup-in-vlan set Enabled appdirector farm connectivity-check httpcode setcreate Dom_Notes_Comm_1\ "200 - OK" appdirector farm connectivity-check httpcode setcreate Dom_Web "200 - OK" appdirector farm connectivity-check httpcode setcreate Dom_Notes_Comm_2\ "200 - OK" appdirector l7 server-persistency static-persist-table setcreate Dom_Web\ 4mDBCR0RiqYP -sa 172.26.42.131 -sp 0 -fl 1 appdirector l7 server-persistency static-persist-table setcreate Dom_Web\ H7Rg28WlHF4J -sa 172.26.42.133 -sp 0 -fl 1 redundancy backup-fake-arp set Enabled net next-hop-router setcreate 172.26.42.129 -id 0 -fl 1 appdirector farm nhr setcreate 0.0.0.0 -ip 172.26.42.129 -fl 1 appdirector farm extended-params set Dom_Notes_Comm_1 -nr 172.26.42.155 appdirector farm extended-params set Dom_Web -nr 172.26.42.155 -st \ Enabled appdirector farm extended-params set Dom_Notes_Comm_2 -nr 172.26.42.155 appdirector nat client address-range setcreate 172.26.42.155 -t \ 172.26.42.155 appdirector nat client range-to-nat setcreate 0.0.0.1 -t 255.255.255.254 redundancy backup-interface-group set Enabled system internal appdirector full-session-id-table setcreate Dom_Web 80\ TCP -k "Shimmer" -l Cookie -t 1805 -fl 0 appdirector segmentation nhr-table setcreate DefaultNHR -ip \ - 48 -

172.26.42.129 -fl 1 appdirector l4-policy ssl-policy create SSL_for_Domino_Web -c Domino -r \ Enabled appdirector l4-policy compression create Domino_Web_Comp -pe Hardware appdirector l4-policy caching create Domino_Web_Cache appdirector l4-policy http-policy create Dom_Web_TCP_Multiplex -m \ Enabled appdirector l4-policy table create 172.26.42.152 TCP 1352 0.0.0.0\ Dom_Notes_Comm_1 -fn Dom_Notes_Comm_1 -rs Backup appdirector l4-policy table create 172.26.42.153 TCP 1352 0.0.0.0\ Dom_Notes_Comm_2 -fn Dom_Notes_Comm_2 -rs Backup appdirector l4-policy table create 172.26.42.152 TCP 443 0.0.0.0\ SSL_Domino_Web_Cluster -fn Dom_Web -ta HTTPS -rs Backup -sl \ SSL_for_Domino_Web -co Domino_Web_Comp -ca Domino_Web_Cache -ht \ Dom_Web_TCP_Multiplex appdirector l4-policy table create 172.26.42.152 TCP 80 0.0.0.0\ Dom_Web_Cluster -fn Dom_Web -ta HTTP -rs Backup -co Domino_Web_Comp -ca \ Domino_Web_Cache -ht Dom_Web_TCP_Multiplex redundancy mirror main dns-status set Disabled redundancy vrrp automated-config-update set Enabled redundancy mirror main sid-status set Enabled redundancy global-configuration failure-action set Ignore health-monitoring binding create 0 1 health-monitoring binding create 4 5 health-monitoring binding create 1 2 health-monitoring binding create 2 3 health-monitoring binding create 6 7 health-monitoring binding create 3 4 health-monitoring status set enable health-monitoring response-level-samples set 0 redundancy vrrp virtual-routers create G-1 1 -as Up -p 155 -pip \ 172.26.42.151 -pm False redundancy vrrp associated-ip create G-1 1 172.26.42.152 redundancy vrrp associated-ip create G-1 1 172.26.42.153 redundancy vrrp associated-ip create G-1 1 172.26.42.155 redundancy vrrp associated-ip create G-1 1 172.26.42.150 manage user table create radware -pw GndridF04zNWSGOrZjKFV78REiEra/Qm manage telnet status set enable manage telnet server-port set 23 manage web status set enable manage ssh status set enable manage secure-web status set enable redundancy arp-interface-group set Send net l2-interface set 100001 -ad up redundancy vrrp global-advertise-int set 0 manage terminal prompt set AppDirector_Secondary manage snmp groups create SNMPv1 public -gn initial manage snmp groups create SNMPv1 ReadOnlySecurity -gn InitialReadOnly manage snmp groups create SNMPv2c public -gn initial manage snmp groups create SNMPv2c ReadOnlySecurity -gn InitialReadOnly manage snmp groups create UserBased radware -gn initial manage snmp groups create UserBased ReadOnlySecurity -gn InitialReadOnly manage snmp access create initial SNMPv1 noauthnopriv -rvn iso -wvn iso \ -nvn iso manage snmp access create InitialReadOnly SNMPv1 noauthnopriv -rvn \ ReadOnlyView manage snmp access create initial SNMPv2c noauthnopriv -rvn iso -wvn iso \ -nvn iso manage snmp access create InitialReadOnly SNMPv2c noauthnopriv -rvn \ ReadOnlyView manage snmp access create initial UserBased authpriv -rvn iso -wvn iso \ -nvn iso manage snmp access create InitialReadOnly UserBased authpriv -rvn \ - 49 -