Deploying Load balancing for Novell Border Manager Proxy using Session Failover feature of NBM 3.8.4 and L4 Switch




Novell Border Manager Appnote

Bhavani ST (stbhavani@novell.com) and Gaurav Vaidya (gvaidya@novell.com)
Software Consultant

Abstract: This document provides a solution for high availability and failover for HTTP forward proxy, which is transparent to end users. The solution is based on the load balancing capability of any L4 switch and the session failover feature of Novell BorderManager 3.8.4.

Table of Contents

1. Introduction
2. Intended Audience
3. Pre-requisite/Assumptions
4. The Background
   4.1 Novell BorderManager Proxy
   4.2 Session Failover with BorderManager 3.8.4
   4.3 How Session failover works?
   4.4 Load Balancing the BorderManager proxy
5. Proposed Solution
   5.1 Set of Actions
   5.2 Information on Network Diagram
6. Steps to configure
   6.1 Configure HTTP Service on BorderManager Proxy
   6.2 Configuring Auth Agent
   6.3 Start Auth Agent
   6.4 Configuring Proxy for Session Failover
   6.5 Start Proxy Agent
   6.6 Configure L4 switch
   6.7 Verification of the setup
7. Conclusion
8. Reference

1. Introduction

When a large number of authenticated users access the BorderManager Proxy service on multiple proxy servers, it becomes important to optimize the usage of the proxy servers. Traditionally, each BorderManager proxy keeps its own record of authenticated users and does not share that information with other proxies. With the introduction of the session failover feature in BorderManager 3.8.4, a proxy can now share authenticated user information with the other BorderManager proxies configured in the system. This Appnote uses this concept and provides guidelines for deploying Novell BorderManager Proxy with load balancing capabilities to service a number of users. The solution uses a farm of multiple BorderManager 3.8.4 servers connected through a Layer-4 switch and relies on the session failover feature of Novell BorderManager 3.8.4.

2. Intended Audience

- All those who want efficient utilization of their BorderManager proxy servers in a multi-proxy server deployment.
- All those who want to use the load balancing capabilities of an L4 switch with BorderManager proxy for high availability.
- All those who want to add session failover capability to a multiple BorderManager proxy server deployment (i.e. provide 24 x 7 service even if connectivity to any one of the proxy servers is lost).

3. Pre-requisite/Assumptions

- Users/Administrators are familiar with Novell BorderManager Proxy.
- Users/Administrators know how to configure Proxy services, i.e., usage of NWADMIN.
- The Administrator has worked on the L4 switch they intend to use with this solution. This Appnote covers, at a high level, what needs to be configured on the switch to make it work with Novell BorderManager.

4. The Background

4.1 Novell BorderManager Proxy

There are three main applications of Novell BorderManager proxy: Forward, Reverse and Transparent proxies. Novell BorderManager's HTTP forward proxy is used by most organizations to provide Internet access to their employees. Forward proxy is one of the most widely used features because of its caching, authentication and single-sign-on capabilities.

Novell BorderManager proxy does not have inbuilt load balancing capabilities except when deployed as a cluster. Load balancing in the cluster scenario still requires users to re-authenticate when they switch proxies. The advantage Novell BorderManager provides in a cluster environment is that cached information is available to the other nodes of the cluster. Once re-authentication is complete, the new proxy node can service web requests from the cache.

Even though caching information is shared with all the nodes in the cluster, authentication information is not shared. With the release of BorderManager 3.8.4, a proxy can share authentication information using the session failover feature.

4.2 Session Failover with BorderManager 3.8.4

Version 3.8.4 of Novell BorderManager adds a new feature that provides session failover capability. This feature allows multiple proxies to share a user's authentication information. Whenever a user logs in to, logs out of or times out from a proxy, that information is shared with the other pre-configured proxies through an agent. This arrangement enables a user to switch to another proxy during an Internet access session.

4.3 How Session failover works?

This solution has two components: Auth Agent and Proxy Agent. There is generally one Auth Agent configured in the system and a Proxy Agent configured at each BorderManager proxy. All the entities share a similar configuration file which defines the Auth Agent and all Proxy Agents in the system.

Auth Agent is a central entity which collects information from multiple Proxy Agents and distributes it to all other Proxy Agents. This ensures that authentication information is shared amongst all proxies that are configured to use the Auth Agent. Even if the user has authenticated to only one proxy, that information is shared with all other configured proxies. Auth Agent is a Java application and can be deployed on either a NetWare or a Linux server.

Proxy Agent is the new authchk.nlm, running on each of the proxy servers configured for session failover. A Proxy Agent runs on each BorderManager proxy server and is responsible for informing the Auth Agent about every user login, logout or timeout. Whenever such an event happens at any other proxy, the Auth Agent forwards the information to each proxy where a Proxy Agent is configured. The Proxy Agent updates the local authenticated users table on receiving the information from the Auth Agent.

4.4 Load Balancing the BorderManager proxy

Prior to Novell BorderManager 3.8.4 (i.e. the session failover feature) it was not possible to provide transparent load balancing for proxy servers. As mentioned earlier, proxies deployed on clusters could provide failover, but it is not transparent and the user must re-authenticate to the newly switched proxy. With the introduction of the session failover feature, all the proxies in the deployed network can be configured to share authentication information, which makes it possible to use load balancing for BorderManager proxy servers.

5. Proposed Solution

To provide load balancing capabilities, an L4 switch is configured to distribute the load among the different proxies. The Novell BorderManager proxies are configured behind the L4 switch. Each proxy server is configured with the session failover feature for sharing authentication information. Figure-1 shows the sample setup used for the purpose of this Appnote. Details about the setup are described in Section 5.2.

In the proposed load balancing solution, a typical sequence of interaction between users, L4 switch, Novell BorderManager Proxy (Proxy Agent) and Auth Agent is described below:

5.1 Set of Actions

1. The user authenticates via the L4 switch to any one of the proxies (as selected by the L4 switch).
2. Once authentication is successful, the proxy sends the authentication information to the Auth Agent, which in turn distributes it to the other proxies in the setup.
3. After successful authentication, even if the L4 switch sends subsequent HTTP requests to other proxies, those proxies are able to service the requests without asking the user to re-authenticate.
4. If for some reason connectivity to any of the proxies is down, the L4 switch forwards the client requests to another proxy in the setup and the requests can be serviced.
5. In the event of user logout or user authentication timeout, the information is propagated to all the proxies through the Auth Agent (as in Step 2).

Figure-1: Network Diagram for Load Balancing Setup

5.2 Information on Network Diagram

Following are the details about the network setup as shown in Figure-1.

Proxy (BorderManager Server): All NBM servers are configured with forward HTTP proxy and authentication enabled. These servers have the private interface in the 10.x.x.x network and the public interface in the 192.168.10.x network.

    Brand     : Dell PowerEdge 2650 series
    Processor : Intel Xeon 1.8 GHz
    RAM       : 2 GB

L4 Switch: The L4 switch is configured for load balancing among 3 proxy servers. It is in the same network as the clients and the private interface of the BorderManager servers. For this setup it also provides connectivity between the proxies and the Auth Agent.

    Brand      : Alteon 184 series
    OS Version : 10.0.32.1

Clients:

    Brand     : Connoi
    Processor : Intel Pentium 4
    RAM       : 1 GB

6. Steps to configure

6.1 Configure HTTP Service on BorderManager Proxy

Configure the BorderManager server for Forward Proxy. The following link provides detailed information on the configuration:
http://www.novell.com/documentation/nbm38/index.html?page=/documentation/nbm38/inst_admin/data/hbvwoadz.html#hbvwoadz

For configuring authentication for Forward Proxy, use the following link:
http://www.novell.com/documentation/nbm38/index.html?page=/documentation/nbm38/inst_admin/data/huvskz48.html#huvskz48

NOTE: Configure the same Idle Timeout value on all the proxies which are doing load balancing.

6.2 Configuring Auth Agent

Auth Agent can be configured on either a NetWare or a Linux server. For this Appnote we are considering Linux.

1. Copy bmauth.jar to the system where the Auth Agent is being configured.
2. Create auth.cfg in the /etc/proxy directory (SYS:/ETC/PROXY/ for NetWare). One can copy the sample auth.cfg file to the /etc/proxy folder from the SYS:/ETC folder of the BorderManager server.
3. Modify the file as per your setup. The Auth Agent and the Proxy Agents must be able to contact each other. Choose the proxy interface which is in the same network as the Auth Agent.

For example, the auth.cfg file for Figure-1 would look as follows:

    [proxy agents]
    1=10.10.1.1
    2=10.10.1.2
    3=10.10.1.3
    [auth ]
    ipport1=10.10.1.5:9023
    [debug]
    Level=10
    File=auth.log

In the above sample configuration 1, 2 and 3 are the unique proxy IDs for Proxy Agent-1 (10.10.1.1), Proxy Agent-2 (10.10.1.2) and Proxy Agent-3 (10.10.1.3). 10.10.1.5 is the IP address of the server where the Auth Agent is running.

6.3 Start Auth Agent

Java must be installed on the server where the Auth Agent is configured. Use the following command to start the Auth Agent:

    java -classpath <full_path_of_bmauth.jar> com.novell.bordermanager.proxy.auth.authdb

6.4 Configuring Proxy for Session Failover

The trust between Proxy Agent and Auth Agent is established by the configuration file. The Proxy Agent has a configuration file similar to the one configured for the Auth Agent. Before starting the Proxy Agent, make sure that the Auth Agent is configured and running.

Copy the sample auth.cfg file to the SYS:/etc/proxy folder from the SYS:/ETC folder of the BorderManager server. For example, the auth.cfg file for the first proxy server in the setup would look as follows:

    [proxy agents]
    1=localhost
    2=10.10.1.2
    3=10.10.1.3
    [auth ]
    ipport1=10.10.1.5:9023
    [debug]
    Level=10
    File=auth.log

Again, in the above file 1, 2 and 3 are the unique proxy IDs for Proxy Agent-1 (10.10.1.1), Proxy Agent-2 (10.10.1.2) and Proxy Agent-3 (10.10.1.3). 10.10.1.5 is the IP address of the server where the Auth Agent is configured.

NOTE: Difference between the Auth Agent's and the Proxy Agents' auth.cfg files
Comparing the two auth.cfg files shows that each individual Proxy Agent must set the value of its own (local) entry to localhost.

6.5 Start Proxy Agent

On the NetWare console of your BorderManager Proxy server, run stopbrd and startbrd after configuring the auth.cfg file. On restarting the BorderManager services, the proxy service starts with the Proxy Agent. The logger screen shows that session failover is enabled.

6.6 Configure L4 switch

Different L4 switches may be deployed in different implementations. This section discusses the configuration of the L4 switch at a high level. Users/Administrators are expected to configure the L4 switch deployed in their network along similar lines. Following are the steps for the setup in this document (Figure-1):

1. Add all the BorderManager proxy servers as Real servers. Configure the IP address and add the ports for the services provided by each server. For this deployment the ports are 8080 and 443.
2. Configure a group with the three real servers (i.e. proxies) configured in the above step. This group acts as the pool for load balancing.
3. Configure a Virtual Server with the services provided on ports 8080 and 443. Attach the group created in step two to this virtual service, which enables the L4 switch to do load balancing among the real servers, i.e. the proxies.
4. Finally, configure the load balancing algorithm to be used for distributing the load among all the proxies. For the purpose of this Appnote the load balancing algorithm used was HASH (which binds clients to a specific server based on the client's IP).

IMPORTANT NOTE: On L4 Switch Load Balancing Algorithm
An L4 switch provides various algorithms for load balancing, including load based, round robin, hash and many more. When the L4 switch is configured with the round robin or load based algorithm, the authentication requests themselves are distributed across multiple proxies, which may result in many security warning messages in the browser. The best choice of algorithm in this scenario could be HASH, where every client is tied to only one server based on the client's address.

6.7 Verification of the setup

Configure the proxy setting of the browser at the client to use the L4 switch IP as the proxy address and 8080 as the port. Once all the configuration mentioned above is complete, start an HTTP session from a client. Observe through which proxy the user login has happened. Once that is known, bring down that proxy server and initiate further HTTP requests. For the new HTTP requests, the proxy should not ask for re-authentication.
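Because the auth.cfg files from 6.2 and 6.4 are what establish trust between the agents, they can be cross-checked before the browser test above; the following is an added example, not Novell's code. The function names, the 10.10.1.0/24 agent subnet and the misconfigured sample are assumptions constructed for illustration; the file layout follows the samples shown on this page.

```python
import ipaddress

def parse_auth_cfg(text):
    """Return {section: {key: value}}; the page's '[auth ]' header is read as 'auth'."""
    cfg, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = cfg.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[key.strip().lower()] = value.strip()
    return cfg

def in_net(addr, net):
    try:
        return ipaddress.ip_address(addr) in net
    except ValueError:  # hostname or garbage where an IP address is expected
        return False

def check_farm(auth_agent_cfg, proxy_cfgs, agent_net="10.10.1.0/24"):
    """Cross-check the Auth Agent's auth.cfg against each proxy's copy; return findings.
    proxy_cfgs maps each proxy's own address to the text of its auth.cfg;
    agent_net is an assumed subnet for agent traffic (not stated on the page)."""
    findings, net = [], ipaddress.ip_network(agent_net)
    ref = parse_auth_cfg(auth_agent_cfg)
    ref_agents, ref_auth = ref.get("proxy agents", {}), ref.get("auth", {})
    listed = [(f"proxy {i}", a) for i, a in ref_agents.items()]
    listed += [(k, v.rsplit(":", 1)[0]) for k, v in ref_auth.items()]
    for label, addr in listed:
        if not in_net(addr, net):
            findings.append(f"auth agent: {label} ({addr}) outside {net}")
    for addr in sorted(set(ref_agents.values()) - set(proxy_cfgs)):
        findings.append(f"{addr}: listed at the Auth Agent but no auth.cfg supplied")
    for proxy_ip, text in sorted(proxy_cfgs.items()):
        cfg = parse_auth_cfg(text)
        agents = cfg.get("proxy agents", {})
        if cfg.get("auth", {}) != ref_auth:
            findings.append(f"{proxy_ip}: [auth] entry differs from the Auth Agent's")
        if list(agents.values()).count("localhost") != 1:
            findings.append(f"{proxy_ip}: expected exactly one localhost entry")
        # Substitute the proxy's own address for localhost, then compare ID by ID.
        resolved = {i: proxy_ip if a == "localhost" else a for i, a in agents.items()}
        if resolved != ref_agents:
            findings.append(f"{proxy_ip}: [proxy agents] differs from the Auth Agent's list")
    return findings

# Constructed sample files, modelled on the auth.cfg listings in 6.2 and 6.4.
TAIL = "[auth ]\nipport1=10.10.1.5:9023\n[debug]\nLevel=10\nFile=auth.log\n"
def sample(agents):
    rows = "\n".join(f"{i}={a}" for i, a in enumerate(agents, 1))
    return f"[proxy agents]\n{rows}\n{TAIL}"

IPS = ["10.10.1.1", "10.10.1.2", "10.10.1.3"]
AUTH_AGENT = sample(IPS)
GOOD = {ip: sample(["localhost" if a == ip else a for a in IPS]) for ip in IPS}
BAD = dict(GOOD, **{"10.10.1.3": AUTH_AGENT})  # proxy 3 got the Auth Agent's file unchanged

if __name__ == "__main__":
    print(check_farm(AUTH_AGENT, GOOD), check_farm(AUTH_AGENT, BAD), sep="\n")
```

An address on the proxies' 192.168.10.x public interface in the Auth Agent's list is reported as outside the agent subnet, which catches the case where the wrong interface was chosen in step 3 of 6.2.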

7. Conclusion

Using the capabilities of two different products, i.e. an L4 switch and the BorderManager 3.8.4 session failover feature, one can add load balancing capabilities to BorderManager proxy for providing high availability.

8. Reference

Online Documentation for BorderManager Session Failover
(http://www.novell.com/documentation/nbm38/index.html?page=/documentation/nbm38/inst_admin/data/bxizbb7.html#bxizbb7)