Integrating F5 BIG-IP load balancer administration with HP ProLiant Essentials Rapid Deployment Pack



Similar documents
Using HP Systems Insight Manager to achieve high availability for Microsoft Team Foundation Server

HP ilo mobile app for Android

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

Defender Delegated Administration. User Guide

Dell Enterprise Reporter 2.5. Configuration Manager User Guide

Microsoft Windows Compute Cluster Server 2003 Getting Started Guide

HP Device Manager 4.7

Backing up and restoring HP Systems Insight Manager 6.0 or greater data files in a Windows environment

HP Server Automation Standard

HP Cloud Map for TIBCO ActiveMatrix BusinessWorks: Importing the template

FTP Server Configuration

HP Device Manager 4.6

SAP Business Intelligence Suite Patch 10.x Update Guide

HP SCOM Management Packs User Guide

HP OpenView Patch Manager Using Radia

HP Cloud Service Automation

Sharing Pictures, Music, and Videos on Windows Media Center Extender

HP Intelligent Management Center v7.1 Virtualization Monitor Administrator Guide

HP Device Manager 4.6

HP IMC Firewall Manager

Dell Recovery Manager for Active Directory 8.6. Quick Start Guide

Dell One Identity Cloud Access Manager Installation Guide

HP SCOM Management Packs User Guide

Directory-enabled Lights-Out Management

HP Quality Center. Software Version: Microsoft Word Add-in Guide

HP A-IMC Firewall Manager

Directory Integration in LANDesk Management Suite

About Recovery Manager for Active

HP Velocity Live QoS Support

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

HP Enterprise Integration module for SAP applications

HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide

WHITE PAPER. HP Guide to System Recovery and Restore

NCD ThinPATH Load Balancing Startup Guide

Symantec AntiVirus Corporate Edition Patch Update

HP Web Jetadmin Database Connector Plug-in reference manual

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

QuickSpecs. HP Device Manager

Dell InTrust Preparing for Auditing Microsoft SQL Server

HP Device Monitor (v 1.1) for Microsoft System Center User Guide

Active Directory Change Notifier Quick Start Guide

HP CloudSystem Enterprise

Dell One Identity Cloud Access Manager How to Configure for High Availability

SolarWinds Migrating SolarWinds NPM Technical Reference

RSA Two Factor Authentication

HP ProLiant Lights-Out 100c Remote Management Cards Overview

Synchronizing ProCurve IDM and Windows Active Directory

HP LeftHand SAN Solutions

HP Device Manager 4.6

HP Application Lifecycle Management

Azure Multi-Factor Authentication. KEMP LoadMaster and Azure Multi- Factor Authentication. Technical Note

HP LeftHand SAN Solutions

Dell InTrust Preparing for Auditing and Monitoring Microsoft IIS

Microsoft Dynamics GP. econnect Installation and Administration Guide Release 9.0

RSA Two Factor Authentication. Feature Description

HP BladeSystem Management Pack version 1.0 for Microsoft System Center Essentials Troubleshooting Assistant

Application Note. Gemalto s SA Server and OpenLDAP

capacity management for StorageWorks NAS servers

HP Device Monitor for Microsoft System Center User Guide

QuickSpecs. Models. HP ProLiant Lights-Out 100c Remote Management Cards Overview

CA Performance Center

How To Install Caarcserve Backup Patch Manager (Carcserver) On A Pc Or Mac Or Mac (Or Mac)

unisys Unisys Stealth(cloud) for Amazon Web Services Deployment Guide Release 1.0 January

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0

HP ProCurve Manager Plus

Foglight Cartridge for Active Directory Installation Guide

Dell Client Profile Updating Utility 5.5.6

Quick Connect Express for Active Directory

TIBCO ActiveMatrix BusinessWorks Plug-in for TIBCO Managed File Transfer Software Installation

HP OneView Administration H4C04S

Deploying and updating VMware vsphere 5.0 on HP ProLiant Servers

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

Veritas Cluster Server Application Note: Disaster Recovery for Microsoft SharePoint Server

Object Level Authentication

HP Software as a Service

HP Insight Diagnostics Online Edition. Featuring Survey Utility and IML Viewer

How to configure Failover Clustering for Hyper-V hosts on HP ProLiant c-class server blades with All-in-One SB600c storage blade

How to manage non-hp x86 Windows servers with HP SIM

HP ThinPro. Table of contents. Connection Configuration for RDP Farm Deployments. Technical white paper

HP ProLiant Essentials Vulnerability and Patch Management Pack Server Security Recommendations

Event Manager. LANDesk Service Desk

Unicenter NSM Integration for BMC Remedy. User Guide

SAP BusinessObjects Business Intelligence Suite Document Version: 4.1 Support Package Patch 3.x Update Guide

Quick Start Guide for Parallels Virtuozzo

Installing the BlackBerry Enterprise Server Management console with a remote database

SAP Best Practices for SAP Mobile Secure Cloud Configuration March 2015

NCD ThinPATH Load Balancing Startup Guide versions and 2.8.1

HP D2D NAS Integration with HP Data Protector 6.11

HP NonStop SFTP API Reference Manual

DameWare Server. Administrator Guide

Spotlight on Messaging. Evaluator s Guide

Digipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Installation Guide

Active Directory Reporter Quick start Guide

Citrix Systems, Inc.

Quest ChangeAuditor 4.8

RSA Authentication Manager 7.1 to 8.1 Migration Guide: Upgrading RSA SecurID Appliance 3.0 On Existing Hardware

Secure Shell. The Protocol

Transcription:

Integrating F5 BIG-IP load balancer administration with HP ProLiant Essentials Rapid Deployment Pack Notice... 2 Executive summary... 4 Introduction... 4 RDP... 4 More information... 4 F5 BIG-IP load balancer... 4 Implementing the solution... 5 Prerequisites... 5 Leveraging SSH... 5 Downloading PuTTY... 5 Configuring the solution... 6 Logging in to the load balancer from the deployment server... 6 Enabling public key authentication on the deployment server... 6 Exporting a client private key to the load balancer... 10 Using RDP jobs to administer the load balancer... 12 Adding a server... 13 Deleting a member... 14 Conclusion... 15 For more information... 16

Notice This document contains examples of code ( Code ) that you may want to use in building or developing your own application. You may use this Code only as permitted herein. By your use of Code, you agree to the terms below. The Licensor, Hewlett-Packard Development Company, L.P. ("HPDC"), grants you the rights listed below. You may use the Code either by referring to it when developing your own application, copying it in whole or in part into your application, or building upon a portion or all of it to create your own application based on it. While using the Code to build your own application, you may alter it, modify it, and create derivative works of the Code. You may also use the Code to test your application. You may distribute the Code provided that you comply with the conditions on distribution described below. Conditions on Distribution You may : (1) reproduce and distribute an unlimited number of copies of the Code within your application, in source code form, internally within your organization, including subsidiaries and affiliates; (2) you may reproduce and distribute an unlimited number of copies of the Code within your application, in source code form, externally provided that: (a) your application adds significant and primary functionality to the Code; (b) you distribute your application containing the Code under an End-User License Agreement, or in signed hard-copy form, with terms no less protective than those contained herein, but permitting your end users only internal distribution as described in item (1) above; (c) you do not use the HPDC name, trademarks, or logo; or the name, trademarks, or logo of Compaq Computer Corporation ("Compaq"); or the name, trademarks, or logo Hewlett- Packard Company ( HP ) to market your application; (d) you include a valid copyright notice on your application; and (e) you agree to indemnify, hold harmless, and defend Compaq, HP, and HPDC from and against any claims or lawsuits, including attorneys' fees, that arise or result from the use or distribution of your application. (3) reproduce and distribute an unlimited number of copies of the Code within your application, in binary form, internally within your organization, including subsidiaries and affiliates, or externally provided that: (a) you do not use the Compaq name, trademarks, or logo; or the name, trademarks or logo of Hewlett-Packard Company; or the name, trademarks, or logo of HPDC to market your application; (b) you include a valid copyright notice on your application; and (c) you agree to indemnify, hold harmless, and defend Compaq, HP, and HPDC from and against any claims or lawsuits, including attorneys' fees, that arise or result from the use or distribution of your application. 2

NO WARRANTY THE CODE IN THIS DOCUMENT IS PROVIDED 'AS-IS', WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY. IN NO EVENT WILL COMPAQ, HP, OR HPDC AND/OR THEIR SUBSIDIARIES OR AFFILIATES BE HELD LIABLE FOR ANY DAMAGES ARISING FROM THE USE OF THIS CODE. TO THE EXTENT PERMITTED BY LAW, COMPAQ AND HP AND HPDC, HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THE CODE, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE CODE IS WITH YOU. SHOULD THE CODE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. IN NO EVENT SHALL COMPAQ, HP, OR HPDC OR THEIR SUBSIDIARIES OR AFFILIATES BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION, ARISING OUT OF THE USE OR INABILITY TO USE THE CODE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE CODE TO OPERATE WITH ANY OTHER PROGRAMS), OR OTHER DAMAGES WHATSOEVER, EVEN IF COMPAQ, HP, AND/OR HPDC HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Reproduction, adaptation or translation without prior written permission is prohibited, except as allowed under the copyright laws. 3

Executive summary Load balancers are one of the most critical pieces of infrastructure in a server farm. As with all other infrastructure, they must be administered. Many environments already have HP ProLiant Essentials Rapid Deployment Pack (RDP) deployed, so it can make sense to leverage this tool for load balancer administration. This white paper shows how to set up a Secure SHell (SSH) link between an RDP deployment server and an F5 Networks BIG-IP load balancer and how to integrate BIG-IP administration into RDP. Once the SSH link has been set up, it is possible to create a wide variety of administrative scripts for load balancer configuration. Readers should have some familiarity with load balancing devices and with SSH administration. Introduction Located at or near the edge of the network, load-balancing technologies are becoming an increasingly important part of any enterprise IT installation and can be valuable even in smaller environments. Sometimes, however, it is difficult to integrate load-balancer management into the standardized administration tool suite adopted by a particular IT organization. This problem may be mitigated when the load-balancer vendor adopts industry standards and implements an Application Programming Interface (API) that exposes the appropriate administrative functionality. F5, for example, offers icontrol, an API that is accessible via a Simple Object Access Protocol (SOAP) interface that can be integrated with tools supporting web services. For implementations where a simpler solution is desirable, F5 also provides a load-balancer console to external users by means of Secure SHell (SSH). By leveraging SSH, customers can integrate scripted administration of the F5 BIG-IP load balancer into HP ProLiant Essentials Rapid Deployment Pack (RDP). RDP RDP automates the process of deploying and provisioning server software, enabling organizations to quickly and easily adapt to changing business demands. Moreover, it provides a flexible scripting tool that allows customized installation and administration scripts to be written for nearly any data center need. This is a powerful capability that enables administrators to leverage the in-the-box functionality of RDP for more advanced purposes. The key component of RDP is the Integrated ProLiant Integration Module, which provides preconfigured scripts and integrated support software. Features include: Instant, out-of-the-box functionality for HP ProLiant servers Advanced features for HP ProLiant server blades Support for Integrated Lights-Out (ilo) More information Additional information, with links to the Windows and Linux Editions of RDP, is available at http://h18004.www1.hp.com/products/servers/management/rdp.html. F5 BIG-IP load balancer A complete overview of the BIG-IP product line is available on the F5 website at http://www.f5.com/products/bigip/. 4

Implementing the solution The solution proposed in this white paper integrates BIG-IP administration via the RDP Deployment Console. The solution is based on RDP Windows Edition. Prerequisites Two important considerations must be addressed prior to implementing this solution: The RDP deployment server must be able to route over a network to the BIG-IP load balancer. The load balancer must also be able to route back to the RDP deployment server. The load balancer must be configured so that it can resolve Domain Name System (DNS) addresses correctly. In an environment where servers have multiple IP addresses, the load balancer must resolve DNS names to IP addresses that can be used when adding the server to a load balancer pool. Note: The address for which DNS resolution must be enabled typically refers to the external or public IP addresses of servers with more than a single address. Refer to BIG-IP documentation for information on configuring DNS resolution on the load balancer. Leveraging SSH This solution leverages SSH to communicate between the RDP Deployment Console and the administrative console of the BIG-IP load balancer. BIG-IP BIGPIPE scripts can be written and deployed as jobs within the RDP Deployment Console, which requires an SSH client for Microsoft Windows. Note: These jobs make use of the text substitution feature of RDP so that server names can be incorporated dynamically into a script. This solution uses PuTTY, a remote client tool for Windows that supports SSH-1 and SSH-2; however, any Windows-compatible SSH client can be used, as long as it supports public-key authentication. Downloading PuTTY PuTTY can be downloaded at no charge from a number of different sites worldwide. The simplest way to find the site nearest you is to type putty download into your favorite web search engine and choose the appropriate link. Sample search links include the following: Google http://www.google.com/search?hl=en&lr=&q=%22putty+download%22 MSN Search http://search.msn.com/results.aspx?form=rehp&q=%22putty%20download%22 AOL Search http://search.aol.com/aolcom/search?invocationtype=topsearchbox.webhome&query=%22putty+ download%22 5

Yahoo http://search.yahoo.com/search?ei=utf-8&fr=sfp&p=%22putty+download%22 Excite http://msxml.excite.com/info.xcite/search/web/putty%2bdownload/1/-/1/-/-/-/-/-/-/-/-/-/-/-/-/- /-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/417/top Configuring the solution Perform the following steps to set up the solution: Logging in to the load balancer from the deployment server Enabling public key authentication on the deployment server Exporting a client private key to the load balancer Logging in to the load balancer from the deployment server Using the plink.exe tool that is included with the PuTTY installation, perform the following procedure to connect the deployment server to the load balancer via SSH: 1. Type the following from a command prompt: plink <BIG-IP administrative IP address> 2. Answer y (yes) when asked if you wish to cache the server s host key in the registry. 3. When you receive a username and password prompt, log in as a user with administrative privileges on the load balancer, as shown in Figure 1. Figure 1. Showing the initial interaction login via SSH You have successfully used SSH to log in for the first time from the RDP Deployment Console to the load balancer. Now, you must configure public key authentication on the RDP Deployment Console. Enabling public key authentication on the deployment server In order to support public key authentication, the load balancer s host key must be stored in the registry cache of the Local System user on the deployment server. The simplest way to achieve this is to create a temporary RDP job that executes a load balancer login from the Local System account. 6

Note: For more information, refer to Section 8 of the PuTTY Help file. Perform the following procedure to use RDP 1 to log in to the load balancer: 1. Create a new job. 2. Add a script to the job, as shown in Figure 2. Add the plink command as the only line in the script. Figure 2. Creating a script that invokes the plink command 3. Select Next. 1 RDP 2.2 was used in this example. 7

4. In the next Run Script dialog box (shown in Figure 3), retain all default values except Script Window, which should be changed to Normal. Figure 3. Changing the default value to display a normal script window 5. Select Finish. 8

6. Drag the job to the deployment server; in the example shown in Figure 4, the script Test is dragged to server SAERDP in the RDP Deployment Console. Figure 4. Dragging the new job to the deployment server 7. A similar window to that shown in Figure 1 appears on the RDP Deployment Console; in this case, however, it is the Local System account that is attempting to log in to the load balancer. Respond just as you did previously to cache the server s host key in the Local System account s registry. IMPORTANT: Step 7 is necessary because BIGPIPE configuration jobs will run on the deployment server. Thus, in this configuration, these jobs will run in the context of the Local System account. 9

Exporting a client private key to the load balancer The next step is to generate a client private key and export it to the load balancer so that authentication can occur without a password. Perform the following procedure: 1. Run PuTTYgen, a key generator utility that installs with PuTTY. This utility can be launched from the Start Menu. 2. Select Choose Key Generate Key Pair; follow the on-screen instructions, as shown in Figure 5. Figure 5. Generating a public/private key pair, moving the mouse to create randomness 3. After you have generated sufficient randomness, select Save private key to export the newlygenerated private key. IMPORTANT: Export the key without a pass phrase. 10

4. Copy the text in the Public key for pasting into OpenSSH authorized_keys file window (as shown in Figure 6); paste this text into a text file named authorized_keys. Figure 6. Generating a public/private key pair 11

5. Copy the authorized_keys file to the load balancer specifically, to the $HOME/.ssh directory for the account used when logging in to the load balancer (root, in this example). The simplest way to copy this file is through the PSCP 2 utility that installs with PuTTY, as shown in Figure 7. Figure 7. Copying the authorized_keys file to the load balancer 6. The environment is now ready to support public key authentication. To test this capability, type the following in a command box: plink -ssh -l root -i "C:\Program Files\PuTTY\f5privatekey_2.ppk" 192.168.4.245 The SSH server on the load balancer no longer issues a password prompt. At this point RDP configuration jobs can be generated to automatically configure the load balancer pool. Using RDP jobs to administer the load balancer Fundamentally, the following two tasks are required to administer a load balancer: Add a server to an existing load balancer pool Remove a server from a pool This white paper documents how to use the BIGPIPE command line utility available on all BIG-IP load balancers to add members to or delete members from a pool. Note: Since BIGPIPE is being used, any BIG-IP configuration task can be accomplished with the appropriate script. 2 An SCP client, for secure file copying 12

Adding a server The following procedure adds a server to an existing load balancer pool: 1. Create a new RDP job named BIGPIPE Add Member. 2. Add a single Run Script task to the job. 3. Enter the following script: "C:\Program Files\PuTTY\plink" -ssh -l root -i "C:\Program Files\PuTTY\myprivatekeyfile.ppk" 192.168.4.245 bigpipe pool my_pool add {member %#*"select replace([name],' ','') from computer where computer_id={id}"%.mydomain.com:http} "C:\Program Files\PuTTY\plink" -ssh -l root -i "C:\Program Files\PuTTY\ myprivatekeyfile.ppk" 192.168.4.245 bigpipe node %#*"select replace([name],' ','') from computer where computer_id={id}"%.mydomain.com:http monitor use my_monitor Items shown in bold type in this script (such as myprivatekeyfile.ppk) must be replaced with the specific items applicable to your environment. The rest of the script is generic. Of particular interest are the %#*"select replace([name],' ','') from computer where computer_id={id}"% sections of the script. These query strings are dynamically replaced with the name of the computer against which the script is being run; thus, when the script is dragged to a particular computer, that computer s name is substituted for the query texts. The end result passes the computer s name as a parameter for a BIGPIPE command to be executed on the load balancer. 4. After entering the script, select Next. 13

5. In the resulting dialog box (shown in Figure 8), select Locally on the Deployment Server for the Script Run Location to avoid the inconvenience of configuring public key SSH authentication for every server you might wish to configure. Figure 8. Selecting the option to run the script locally on the Deployment Server 6. You are now ready to run the script; select Finish. Deleting a member The procedure for deleting a member from a load balancer pool is similar to the above procedure for adding a member. In this example, the delete job is named BIGPIPE Delete Member; the script is as follows: "C:\Program Files\PuTTY\plink" -ssh -l root -i "C:\Program Files\PuTTY\ myprivatekeyfile.ppk" 192.168.4.245 bigpipe node %#*"select replace([name],' ','') from computer where computer_id={id}"%.mydomain.com:http monitor delete "C:\Program Files\PuTTY\plink" -ssh -l root -i "C:\Program Files\PuTTY\myprivatekeyfile.ppk" 192.168.4.245 bigpipe pool my_pool delete {member %#*"select replace([name],' ','') from computer where computer_id={id}"%.mydomain.com:http} 14

Conclusion This white paper shows how to set up an SSH link between an RDP deployment server and an F5 BIG- IP load balancer and how to integrate BIG-IP administration into RDP, and includes two sample administration scripts. Once the SSH link has been set up, it is possible to configure a wide variety of administrative scripts for load balancer configuration; indeed, any administrative activity that can be executed through the BIGPIPE command or through any other command supported by the load balancer can be scripted to run through RDP. 15

For more information HP ActiveAnswers A repository where HP openly shares its experience and best practices for the planning, deployment, and operation of enterprise solutions. HP ActiveAnswers includes up-to-date technical information, a system configurator, server sizers, and storage and performance tools. http://h71019.www7.hp.com/activeanswers/cache/71108-0-0-0-121.aspx HP website HP is a company unlike any other. It's a fact underscored by our reach across consumer, small and medium-size business (SMB) and enterprise customer segments, by our presence and leadership in key regions around the world, and by our uniquely rich technology portfolio. http://www.hp.com/ F5 HP Technology Alliance page http://www.f5.com/solutions/partners/tech/hp.html F5 Partner portal for HP and F5 http://hp.f5.com/ HP StorageWorks From the leading provider of storage solutions for your Adaptive Enterprise. http://www.hp.com/go/storageworks HP Integrity servers Trust HP Integrity servers for your most demanding workloads. http://www.hp.com/go/integrity HP BladeSystem Foundation for efficient, agile IT. http://www.hp.com/go/bladesystem HP ProLiant servers Leading innovation, choice and value. http://www.hp.com/go/proliant ProCurve Networking by HP http://www.hp.com/go/procurve HP Adaptive Enterprise -- Business and IT synchronized to capitalize on change. http://www.hp.com/go/adaptive HP Dev Resource Central website Helping you integrate and instrument your applications. http://devresource.hp.com/drc/index.jsp HP Dev Resource Central website for Microsoft Visual Studio.NET http://devresource.hp.com/drc/topics/net.jsp 16

HP Dynamic Internet Solutions Architecture (DISA) To compete in today's marketplace, your business must be available all day, every day. Businesses that thrive on the Internet don't take chances. They plan for change and prepare for the unexpected. The HP Dynamic Internet Solutions Architecture (DISA), can help you build highly scalable, highly available, Internet-enabled application environments that yield sustained performance even with extreme load fluctuations. http://h71028.www7.hp.com/enterprise/cache/3799-0-0-225-121.aspx 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. 1/2006 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information