Deploying SAP NetWeaver Infrastructure with Foundry Networks ServerIron Deployment Guide



Similar documents
Configuring Highly Available OracleAS Infrastructure with Brocade ServerIron Application Delivery Controllers

Deploying the Brocade ServerIron ADX with Microsoft Exchange Server 2010

WHITE PAPER MICROSOFT LIVE COMMUNICATIONS SERVER 2005 LOAD BALANCING WITH FOUNDRY NETWORKS SERVERIRON PLATFORM

Server Iron Hands-on Training

Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG

Building Trusted VPNs with Multi-VRF

CAMPUS NETWORK Enhancing the Performance of Microsoft Office SharePoint Server Using Brocade ServerIron and Blue Coat ProxySG

Solution Guide: Load Balancing with the Brocade ServerIron Platform

Deploying Brocade ServerIron ADX to Increase Availability, Scalability, and Security of Microsoft Lync Server 2010 Infrastructure

CLE202 Introduction to ServerIron ADX Application Switching and Load Balancing

Deployment Guide AX Series with Citrix XenApp 6.5

Deployment Guide Microsoft IIS 7.0

Deployment Guide Oracle Siebel CRM

How To Understand The Benefits Of An Mpls Network

Deployment Guide AX Series with Active Directory Federation Services 2.0 and Office 365

ServerIron TrafficWorks Firewall Load Balancing Guide

Thunder Series for SAP BusinessObjects (BOE)

DATA CENTER. Best Practices for High Availability Deployment for the Brocade ADX Switch

Deployment Guide MobileIron Sentry

Introduction to ServerIron ADX Application Switching and Load Balancing. Module 6: Content Switching (CSW) Revision 0310

Configuring the Brocade ServerIron to Enable Peak Performance of Siemens ComAssistant

Cisco Application Networking for IBM WebSphere

Cisco Application Networking for BEA WebLogic

Introduction to ServerIron ADX Application Switching and Load Balancing. Module 5: Server Load Balancing (SLB) Revision 0310

Citrix NetScaler 10 Essentials and Networking

Thunder Series for SAP Customer Relationship Management (CRM)

ServerIron TrafficWorks Server Load Balancing Guide

Deployment Guide Microsoft Exchange 2013

Configuring Citrix NetScaler for IBM WebSphere Application Services

Configuring and Implementing A10

Exam Name: Foundry Networks Certified Layer4-7 Professional Exam Type: Foundry Exam Code: FN0-240 Total Questions: 267

How To Manage A Netscaler On A Pc Or Mac Or Mac With A Net Scaler On An Ipad Or Ipad With A Goslade On A Ggoslode On A Laptop Or Ipa On A Network With

USING BROCADE ADX LOAD BALANCER WITH EMC ATMOS

Solution Brief. Load Balancing to Provide Scalable, Reliable, Secure Access Solutions

AppDirector Load balancing IBM Websphere and AppXcel

Layer 4-7 Server Load Balancing. Security, High-Availability and Scalability of Web and Application Servers

Deployment Guide May-2015 rev. a. APV Oracle PeopleSoft Enterprise 9 Deployment Guide

Thunder ADC for Epic Systems

Load Balancing for Microsoft Office Communication Server 2007 Release 2

How To Configure An Orgaa Cloud Control On A Bigip (Cloud Control) On An Orga Cloud Control (Oms) On A Microsoft Cloud Control 2.5 (Cloud) On Microsoft Powerbook (Cloudcontrol) On The

CNS-208 Citrix NetScaler 10.5 Essentials for ACE Migration

F5 Configuring BIG-IP Local Traffic Manager (LTM) - V11. Description

CNS-205 Citrix NetScaler 10 Essentials and Networking

Basic & Advanced Administration for Citrix NetScaler 9.2

Configuring Nex-Gen Web Load Balancer

Implementing Microsoft Office Communications Server 2007 With Coyote Point Systems Equalizer Load Balancing

Citrix NetScaler 10.5 Essentials for ACE Migration CNS208; 5 Days, Instructor-led

Load Balancing Oracle Web Applications. An Oracle White Paper November 2004

Radware s AppDirector and AppXcel An Application Delivery solution for applications developed over BEA s Weblogic

HAProxy. Ryan O'Hara Principal Software Engineer, Red Hat September 17, HAProxy

GLOBAL SERVER LOAD BALANCING WITH SERVERIRON

Microsoft Exchange 2013 DEPLOYMENT GUIDE

Brocade One Data Center Cloud-Optimized Networks

Deployment Guide. AX Series with Juniper Networks SA Series SSL-VPN Appliances Solution

AX Series with Microsoft Exchange Server 2010

Oracle Collaboration Suite

Radware s AppDirector and Microsoft Windows Terminal Services 2008 Integration Guide

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy

Configuring Stickiness

Brocade SIP-Intelligent Application Switching for IP Communication Services

APPLICATION NOTES High-Availability Load Balancing with the Brocade ServerIron ADX and McAfee Firewall Enterprise (Sidewinder)

What's New in Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500 and Cisco 7600 Series Software Release 2.1.0

DEPLOYMENT GUIDE DEPLOYING THE BIG-IP SYSTEM WITH MICROSOFT INTERNET INFORMATION SERVICES (IIS) 7.0

Deploying the BIG-IP System v10 with SAP NetWeaver and Enterprise SOA: ERP Central Component (ECC)

Microsoft Lync Server 2010

Cisco ACE Application Control Engine: ACEBC Catalyst 6500 and 4710 Applicance Boot Camp

Deployment Guide. AX Series for Microsoft Lync Server 2010

DEPLOYMENT GUIDE DEPLOYING F5 WITH MICROSOFT WINDOWS SERVER 2008

VERITAS Cluster Server Traffic Director Option. Product Overview

DEPLOYMENT GUIDE. Deploying F5 for High Availability and Scalability of Microsoft Dynamics 4.0

Thunder ADC for SAP Business Suite DEPLOYMENT GUIDE

AX Series with Microsoft Exchange Server 2010

DEPLOYMENT GUIDE DEPLOYING F5 WITH SAP NETWEAVER AND ENTERPRISE SOA

Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2. Office Communications Server Overview.

Ranch Networks for Hosted Data Centers

Brocade Certified Layer 4-7 Professional Version: Demo. Page <<1/8>>

ENQUIRY NO.NIE/PS/ DATE: 02/09/2014

Deployment Guide July-2014 rev. a. Deploying Array Networks APV Series Application Delivery Controllers with Oracle WebLogic 12c

Managing Virtual Servers

Microsoft SharePoint 2013 with Citrix NetScaler

Deployment Guide Jan-2016 rev. a. Deploying Array Networks APV Series Application Delivery Controllers with Oracle WebLogic 12c

Deployment Guide. AX Series with Microsoft Office SharePoint Server

VMware View 5.0 and Horizon View 6.0 DEPLOYMENT GUIDE

5 Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance

Microsoft Lync Server Overview

Application Delivery Controller (ADC) Implementation Load Balancing Microsoft SharePoint Servers Solution Guide

Load Balancer. Introduction. A guide to Load Balancing.

How To Use Netscaler As An Afs Proxy

Understanding Slow Start

CNS-208 CITRIX NETSCALER 10.5 ESSENTIALS FOR ACE MIGRATION

DEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5

Brocade Virtual Traffic Manager and Oracle Application Server 10G Deployment Guide

Microsoft Exchange 2016 DEPLOYMENT GUIDE

The Application Front End Understanding Next-Generation Load Balancing Appliances

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE

Reverse Proxy with SSL - ProxySG Technical Brief

Advanced SLB High Availability and Stateless SLB

TESTING & INTEGRATION GROUP SOLUTION GUIDE

HTTPS HTTP. ProxySG Web Server. Client. ProxySG TechBrief Reverse Proxy with SSL. 1 Technical Brief

Transcription:

Deplloyiing SAP NetWeaver Inffrastructure s wiith Foundry Networks ServerIron Deployment Guide July 2008 Copyright Foundry Networks Page 1

Table of Contents Executive Overview... 3 Deployment Architecture... 3 ServerIron Configuration... 5 Additional Design Considerations Foundry-SAP Solution... 8 Appendix A Running Configuration... 10 Appendix B Additional Information... 13 Copyright Foundry Networks Page 2

Executive Overview SAP is one of the leading providers of business software serving customers all over the world. These customers employ SAP technology to build comprehensive solutions for every aspect of business operations. Organizations of all sizes use SAP solutions to reduce cost, ease operations, manage business processes and improve performance. SAP NetWeaver technology offerings enable customers to execute a service oriented architecture (SOA) strategy and enjoy new levels of flexibility in the business process management. In the absence of a secure, high-performing, highly scaling and highly available network infrastructure, organizations will not be able to realize the full potential of SAP solutions. Foundry s intelligent application delivery switches can be configured to constantly monitor SAP application servers and optimally distribute traffic among them in order to achieve maximum application availability for business end-users. Integrating Foundry s ServerIron application delivery switches in front of SAP application servers enables organizations to maintain their competitive edge and remain on top of ever evolving business needs. Deployment Architecture SAP and Foundry designed a set of tests to illustrate how Foundry s ServerIron application switches accelerate delivery of SAP applications and secure SAP application servers. The test landscape incorporated many scenarios that customers typically use with their SAP SOA applications. All tests were performed with Foundry s ServerIron switches front ending the SAP NetWeaver application platform. These tests were conducted using the ServerIron GT-E with Integrated SSL (2BP) and ServerIron 4G-SSL hardware. The ServerIron software version used for this testing was TrafficWorks release 10.1 switch code. Figure 1: Integration Setup Foundry ServerIron 4G-SSL L2 Switch Wide Area Network L2 Switch Foundry ServerIron GT-E (Integrated SSL) L4 SLB SSL Acceleration Cookie Switching L7 SLB Custom Composite Application SAP Enterprise Portal NetWeaver BackEnd End-Users Server Composition Environment ECC Emulation Server Server Copyright Foundry Networks Page 3

Basic Terminologies Real server Real Servers are the Application Servers. They are either placed behind the application delivery switch via direct or indirect connection, or are connected to the core network infrastructure. In case of later, the application delivery switch such as ServerIron is connected to the core network via single upstream link and all traffic flows through this link. This design is also referred to as one-arm design. In a typical network, there would be one or more real servers running the same application instance to service clients/users. Application delivery switches allow administrators to add or remove real servers from the available pool without impacting service availability. Virtual server A Virtual server represents the logical instance of the application and resides on the application delivery switch. This virtual instance is mapped to a pool of backend real servers that provide application content. Clients connect to the virtual server and the application delivery switch load balances these requests among multiple real servers. Server Load Balancing (SLB) SLB offers numerous benefits such as ease of server farm administration, higher performance with efficient load distribution, better service availability & reliability with automatic failover and higher security. Application servers can be added or removed depending on traffic requirements without impacting service to existing end-users. Health Checks A health check is a mechanism through which application delivery switches poll backend real servers on a periodic basis for service availability. The ServerIron application delivery switches can use layer 3, layer 4, layer 7 and scripted health checks to verify availability of real servers and application instances on these real servers. If a real server or an application instance on a real server fails a health check, then the application switch takes that instance out of service rotation. Load Balancing Predictor The predictor algorithm determines how to balance client requests among multiple real servers. Some of the most popular predictor methods are: - Least Connections - Round Robin - Weighted - Dynamic Weighted Session Persistence If an application requires that end-user should connect to or persist to the same real server for subsequent requests then some form of connection or session persistence mechanism is employed. Session persistence can be based on fields such as client ip, http cookie, or http URL. Copyright Foundry Networks Page 4

SSL Acceleration The Secure Sockets Layer (SSL) has become the most widely used protocol today for providing security and confidentiality for communications over the Internet. SSL provides a secure pipe and allows other protocols such as http to run inside it. Foundry ServerIron SSL acceleration offloads SSL handshake and encryption/decryption tasks from the real server. This saves processor cycles on the real servers and accelerates end-to-end application performance. ServerIron Configuration Configuration Steps 1) Enter the ServerIron configuration mode Connect to the ServerIron switch using console connection or telnet into the switch and issue following commands: SI> enable SI# config term SI(config)# All further configuration edits are executed from config mode. 2) Define the Real Servers Define real servers that are hosting Portal application and BackEnd application using following commands: (config)# server real <RsPortal1_name> <RsPortal1_IP> port <RsHTTPPort1> port <RsHTTPPort1> server-id <RsPortal1-id#> port <RsHTTPPort1> group-id <RsPortalGp-id#_start> <RsPortalGp-id#_end> (config)# server real <RsPortal2_name> <RsPortal2_IP> port <RsHTTPPort2> port <RsHTTPPort2> server-id <RsPortal2-id#> port <RsHTTPPort2> group-id <RsPortalGp-id#_start> <RsPortalGp-id#_end> For the integration setup in lab, the two Portal server instances were simulated on a single server and they were configured to listen on different ports, RsHTTPPort1 and RsHTTPPort2. (config)# server real <RsBE1_name> <RsBE1_IP> port <RsBEPort1> port <RsBESSLPort1> (config)# server real <RsBE2_name> <RsBE2_IP> port <RsBEPort2> port <RsBESSLPort2> For the integration setup in lab, the two BackEnd server instances were simulated on a single server and they were configured to listen on two ports, RsBEPort1 and RsBEPort2. Copyright Foundry Networks Page 5

3) Define the Virtual Servers Configure the virtual servers for Portal and BackEnd applications and associate (or bind) them to their respective real servers using the following commands: (config)# server virtual <VsPortal_name> <VsPortal_IP> port <VsHTTPSPort> bind <VsHTTPSPort> <RsPortal1_name> <RsHTTPPort1> <RsPortal2_name> <RsHTTPPort2> (config)# server virtual <VsBE_name> <VsBE_IP> port <VsBEPort> bind <VsBEPort> <RsBE1_name> <RsBEPort1> <RsBE2_name> <RsBEPort2> 4) Optionally, change the default load balancing predictor method The default predictor method is least connections i.e. by default, the ServerIron switch selects the real server that has least number of connections for handling subsequent client request. One can optionally employ different predictor method. (config)# server predictor round-robin 5) Configure the real server port characteristics Configure port profiles and define real server ports as TCP ports using the following commands: (config)# server port <RsHTTPPort1> (config)# server port <RsHTTPPort2> (config)# server port <RsBEPort1> (config)# server port <RsBEPort2> (config)# server port <RsBESSLPort1> (config)# server port <RsBESSLPort2> 6) Define SSL traffic profile and associate it with the virtual server Prior to defining SSL traffic profile, upload SSL certificate and key to ServerIron. The certificate may be self signed or obtained from a third party certificate authority. This certificate is presented to the clients when they connect to the virtual server IP through secure SSL channel. (config)# ssl profile <sslprofile_name> keypair-file <keyfile_name> certificate-file <certfile_name> cipher-suite <select_cipher-suites> (config)# virtual <VsPortal_name> <VsPortal_IP> port <VsHTTPSPort> ssl-terminate <sslprofile_name> 7) Configure client connection persistence using cookie insert and switching Configure ServerIron to do a search for a pre-defined cookie name inside each client request. If the cookie is present then extract cookie value and persist to real server that is identified using this cookie value. If the cookie is not present then insert cookie with name as ServerID and value as server-id of the real server that processed the request in the server response message going to the Copyright Foundry Networks Page 6

client. This cookie string and value are then used for persistence of a client connection to a given real server instance. (config)# csw-rule "<rule_name> header "cookie" pattern "ServerID=" (config)# csw-policy "<policy_name>" match "<rule_name>" persist offset 0 length <serverid_length> group-or-server-id default forward <RsPortalGp-id#> default rewrite insert-cookie ServerID (config)# server virtual <VsPortal_name> <VsPortal_IP> port VsHTTPSPort port VsHTTPSPort cookie-name "ServerID" port VsHTTPSPort csw-policy "<policy_name>" port VsHTTPSPort csw 8) Enable client side keepalives This allows ServerIron to handle multiple http transactions (http v1.1) over single client side connection while doing layer 7 switching. Enable client keepalive using the following command: (config)# server virtual <VsPortal_name> <VsPortal_IP> port VsHTTPSPort keep-alive 9) Optionally, enable source address NAT if required This step is optional. Source address NAT is required when the ServerIron switch is connected onearm to the network infrastructure. This is to ensure that the response traffic passes through the ServerIron switch. On the other hand, this step isn t required when real servers are placed inline with the ServerIron switch. (config)# server source-nat (config)# server source-ip <IP-address1> <subnet-mask> <default-gateway> (config)# server source-ip <IP-address2> <subnet-mask> <default-gateway> for-ssl Note: If High Availability (HA) is configured using two ServerIron switches then define source-natip addresses instead of source-ip addresses in this step. The definition of source-nat-ip address along with port-range keyword allows sharing of the same IP address between two peer units by dividing their allowable port ranges into two halves. 10) Configure L4 SLB for Composite Application Servers The Composite Application Servers may reside at remote branch office or available locally. For the integration lab, these servers were hosted at remote branch office using separate ServerIron unit. The configuration steps for this unit are very similar. Configure Composite real servers, Composite virtual servers, define port characteristics, and specify port bindings. Optionally, enable source address NAT if applicable and modify load balancing predictor method. (config)# server real <RsComp1_name> <RsComp1_IP> port <RsCompPort1> port <RsCompSSLPort1> (config)# server real <RsComp2_name> <RsComp2_IP> port <RsCompPort2> port <RsCompSSLPort2> (config)# server virtual <VsComp_name> <VsComp_IP> port <VsCompPort> bind <VsCompPort> <RsComp1_name> <RsCompPort1> <RsComp2_name> <RsCompPort2> Copyright Foundry Networks Page 7

(config)# server port <RsCompPort1> (config)# server port <RsCompPort2> (config)# server port <RsCompSSLPort1> (config)# server port <RsCompSSLPort2> Tcp (config)# server source-nat (config)# server source-ip <IP-address1> <subnet-mask> <default-gateway> (config)# server predictor round-robin Lab Configuration The following port numbers were used while configuring the ServerIron switch in the integration lab. Define additional ports if necessary. Port Value <RsHTTPPort1> 50000 <RsHTTPPort2> 50200 <VsHTTPSPort> 443 (SSL) <RsBEPort1> 50100 <RsBESSLPort1> 50101 <RsBEPort2> 50200 <RsBESSLPort2> 50201 <VsBEPort> 1080 <RsCompPort1> 50100 <RsCompSSLPort1> 50101 <RsCompPort2> 50300 <RsCompSSLPort2> 50301 <VsCompPort> 1080 Appendix A reflects the running configurations of the two ServerIron units in the integration lab. Additional Design Considerations Foundry-SAP Solution High Availability For building highly available SAP application delivery infrastructure, configure ServerIron application delivery switches in high availability (HA) mode. The two ServerIron switches that are enabled for high availability provide device level redundancy and quick recovery in the event of primary unit failure. Copyright Foundry Networks Page 8

Security The Denial of Service (DoS) attack prevention feature when enabled provides attack protection against multi-million TCP SYN attacks per second. ServerIron offers this protection at a very high rate because the feature is implemented using hardware assistance. Global Server Load Balancing (GSLB) As reliance on IP and Web applications for business processes increases, many organizations need to deliver business services from multiple locations for faster delivery, redundancy and scalability. GSLB uses a DNS-based approach to distribute client traffic to multiple locations and offers automatic failover between sites for disaster recovery and multi-site scalability. GSLB is transparent to SAP application implementation and deployment. It can be added as an additional solution to offer redundancy across sites. Copyright Foundry Networks Page 9

Appendix A Running Configuration SerevreIron GT-E with Integrated SSL (2BP) ~ As seen on extreme right in Figure 1 above ~ Functions SSL Acceleration, Cookie Insert/Switching for session persistence & load balancing SLB-ServerIronGT E-2#sh runn Building configuration... Current configuration : 2125 bytes ver 10.1.00TD2 module 1 bi-0-port-wsm6-ssl-management-module module 2 bi-jc-16-port-gig-copper-module ssl profile sap keypair-file sap-key certificate-file sap-cert cipher-suite all-cipher-suites server predictor round-robin server port 50000 server port 50200 server port 50100 server port 50101 server port 50201 server source-nat server source-ip 169.145.90.30 255.255.255.0 0.0.0.0 server source-ip 169.145.90.29 255.255.255.0 0.0.0.0 for-ssl csw-rule "r1" header "Cookie" pattern "Serverid=" csw-policy "p1" match "r1" persist offset 0 length 4 group-or-server-id default forward 2 default rewrite insert-cookie "Serverid" server real portal 169.145.90.11 port 50000 port 50000 server-id 1024 port 50000 group-id 2 2 port 50200 port 50200 server-id 1025 Copyright Foundry Networks Page 10

port 50200 group-id 2 2 server real BE 169.145.90.16 port 50100 port 50200 port 50101 port 50201 server virtual portal-vip 169.145.90.20 port ssl port ssl ssl-terminate sap port ssl cookie-name "Serverid" port ssl csw-policy "p1" port ssl csw port ssl keep-alive bind ssl portal 50000 portal 50200 server virtual BE-vip 169.145.90.26 port 1080 bind 1080 BE 50100 BE 50200 vlan 1 name DEFAULT-VLAN by port no spanning-tree vlan 2 by port untagged ethe 2/9 to 2/16 no spanning-tree no enable aaa console ip address 169.145.90.1 255.255.255.0 ip default-gateway 169.145.90.15 telnet server snmp-server web-management interface ethernet 2/1 interface ethernet 2/9 end ServerIron 4G-SSL ~ As seen on extreme left of Figure 1 above ~ Functions L4 load balancing LB-ServerIron 4G#sh runn Building configuration... Current configuration : 1089 bytes ver 10.1.00TI2 Copyright Foundry Networks Page 11

no global-stp server predictor round-robin server port 50300 server port 50301 server port 50100 server port 50101 server source-nat server source-ip 169.145.89.29 255.255.255.0 0.0.0.0 server real composite 169.145.89.16 port 50300 port 50301 port 50100 port 50101 server virtual composite-vip 169.145.89.20 port 1080 port ssl sticky bind 1080 composite 50100 composite 50300 bind ssl composite 50301 composite 50101 vlan 1 name DEFAULT-VLAN by port no spanning-tree no enable aaa console ip address 169.145.89.30 255.255.255.0 ip default-gateway 169.145.89.15 telnet server snmp-server web-management interface ethernet 1 end Copyright Foundry Networks Page 12

Appendix B Additional Information SAP NetWeaver http://www.sap.com/usa/platform/netweaver/index.epx Foundry ServerIron Application Switches http://www.foundrynet.com/products/app-switch/ Copyright Foundry Networks Page 13

Deploying SAP NetWeaver Infrastructure with Foundry Networks ServerIron July, 2008 Author: Deepak I. Kothari, Product Marketing Manager, L4-7 Products Group, Foundry Networks, Inc. Foundry Networks, Inc. World Headquarters 4980 Great America Parkway, Santa Clara, CA 95054 U.S.A. Worldwide Inquiries: Phone: + 1.408-207-1700 Fax: + 1.408-586-1900 Email: info@foundrynet.com Web: http://www.foundrynet.com Foundry Networks, BigIron, EdgeIron, FastIron, IronPoint, IronView IronWare, JetCore, NetIron, ServerIron, SecureIron, Terathon, TurboIron, and the Iron family of marks are trademarks or registered trademarks of Foundry Networks, Inc. in United States and other countries. All other trademarks used in this document are the properties of their respective owners. Although Foundry has attempted to provide accurate information in these materials, Foundry assumes no legal responsibility for the accuracy or completeness of the information. More specific information is available on request from Foundry. Please note that Foundry's product information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified as such in a duly signed writing. Copyright 2008 Foundry Networks, Inc. All rights reserved. Copyright Foundry Networks Page 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information