1. A Company And Product Presentation
KEMP Technologies
A Company And Product Presentation 1

2. Agenda Introduction Load Balancing Fundamentals LoadMaster Base Setup
Core Load Balancing Features
Transparency & Topologies
Loadmaster HA Setup
Advanced Features
Application Specific Aspects
Troubleshooting
Tips & Tricks
Summary
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 2

3. Introducing KEMP Pioneered “Affordable” Load Balancing & ADC
Established in year 2000
Pioneered “Affordable” Load Balancing & ADC
Global HQ in New York; EMEA HQ Ireland, Sales Germany
US & EMEA based Tech Support, Available 7 X 24
Specialize in Load Balancing and ADC
Consistent Growth
Technology partnerships with Microsoft, Dell & VMWare
100% Channel Focused
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 3

4. What is “Server Load Balancing” Sample Problems / KEMP Solution
and Why Do We Need It?
Sample Problems / KEMP Solution
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 4

5. Problem # 1 Server and Application Availability
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 5

6. Web/Application Server
Internet
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing.
Web/Application
Server 6

7. X Web/Application Server Internet
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. X
Web/Application
Server 7

8. Problem # 2 Performance & Scalability
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 8

9. Web/Application Server
As the
number of
user requests
grows…
Internet
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing.
Wait !
I Can’t Keep UP!
Web/Application
Server 9

10. Problem # 3
Security
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 10

11. Web/Application Server
Internet
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing.
Web/Application
Server 11

12. Web/Application Server
Internet
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing.
Install SSL
& IPS
On Server
Wait !
I Can’t Keep UP!
Web/Application
Server 12

13. Options ?
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 13

14. 10.0.20.5 10.0.20.6 Internet DNS Round Robin 1 3 5 7 . 2 4 6 8 .
Network
Infrastructure
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing.
Add another server
with DNS Round Robin?
Public-Facing IP 14

15. X Error 404 10.0.20.5 10.0.20.6 Internet Page Not Found DNS
Round Robin 1 3 5 7 2 4 6 8
Network
Infrastructure
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. X
Add another server
with DNS Round Robin?
Public-Facing IP 15

16. 10.0.20.5 Server Farm Internet Public VIP Private IPs
Server & Application Health Checking
Increased Performance & Scalability
Improved Management and Administration
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing.
Private IPs
Server Farm 16

17. X 10.0.20.5 Server Farm Internet Public VIP Private IPs
LoadMaster automatically detects server
and application failures and dynamically
re-routes user requests to other, available
servers.
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. X
Private IPs
Server Farm 17

18. X X X X Error 404 10.0.20.5 Server Farm Page Not Found Internet
Public VIP
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. X X X
Private IPs
Server Farm 18

19. 10.0.20.5 Server Farm Internet Public VIP Active Hot Standby
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing.
High Availability
with Stateful Failover
Private IPs
Server Farm 19

20. X 10.0.20.5 Server Farm Internet Public VIP Active Hot Standby
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing.
High Availability
with Stateful Failover
Private IPs
Server Farm 20

21. X 10.0.20.5 Server Farm Internet Public VIP Active Out of Service
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing.
High Availability
with Stateful Failover
Private IPs
Server Farm 21

22. Layer 4 and Layer 7 Layer 4 Load balancing: Layer 7 Load balancing:
Layer 4 Load Balancing is based on source IP addresses persistence and TCP Connection health checking.
But what about NAT?
What if my server is accepting connections on a port but the service is actually down?
Layer 7 Load balancing:
Layer 7 Load Balancing provides much more capabilities, for example
L7 Based Persistence
Application Healthchecking.
Content Switching
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 22

23. Loadmaster Setup & WUI Overview
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 23

24. Setup & Installation Connecting to the Loadmaster Licensing
Network Setup
Update Firmware
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 24

25. Connecting to the Loadmaster
Via Web User Interface
Loadmaster’s default IP address is:
Virtual Loadmaster will use DHCP to get an IP address
Browse to
Accept the Certificate and you will be prompted for a license code
Connecting via Serial Cable
Use terminal emulation software
Use VT-100 Emulation
115200bps
8 data bits
Parity: None
1 stop bit
Hardware Flow Control
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 25

26. Licensing License Key Prompt
Note: KEMP EMEA ships all units with a license key applied so this step can be over looked in most cases.
For Virtual Loadmasters you will need to perform this step. Contact KEMP Technologies and quote the Serial Number and Access Code
Access Codes are based on MAC-Addresses so licenses cannot be moved between Virtual Machines.
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 26

27. Network Setup
Once the Loadmaster is licensed, the Quickstart Menu will run and will ask for the following information
ETH0 IP Address
ETH1 IP Address
Hostname
Nameservers
Search Domains
Default Gateway
Reboot the LoadMaster to apply the changes.
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 27

28. Obtaining Loadmaster Firmware
To identify the latest version of firmware on general release visit the news section on our forums.
Contact KEMP support on and request a link to download the firmware.
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 28

29. Updating Loadmaster Firmware
Go to System Configuration ->
Contact KEMP support on and request a link to download the firmware.
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 29

30. The Web User Interface - WUI
Connect to the WUI via for all configuration options.
Overview of the WUI.
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 30

31. Core Load Balancing Features
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 31

32. Scheduling Internet Scheduling & Balancing Methods Round Robin
Weighted Round Robin
Least Connection
Weighted Least Connection
Fixed weighting
Weighted response time
Internet
The LoadMaster supports six Layer 4 load balancing methods.
With “chained failover”, one server can be set up as the primary, while the other server(s) can be configured to only serve requests if the primary is taken out of service.
Server 1
Server 2 32

33. Server Resource Load Balancing
Internet
Agent, Adaptive Balancing Methods
CPU Utilization
Memory (RAM) Available
Number of Active Users
Any Perfmon Stat.
Next Request
The LoadMaster supports six Layer 4 load balancing methods.
With “chained failover”, one server can be set up as the primary, while the other server(s) can be configured to only serve requests if the primary is taken out of service.
CPU=75%
CPU=72%
Server 1
Server 2 33

34. Server Health-checking
Real Server Check Parameters:
ICMP: Verify that the Server is contactable from the Loadmaster
TCP Connection Only: Verify that the Loadmaster can connect to the Real Server on the specified port
HTTP/HTTPS: Waits for a valid response from the Webserver, i.e. 200 OK
Mail (SMTP)/IMAP/POP3: Waits for a valid response from the Mail Server, i.e. 220 SMTP Service Ready
With most transactional web applications, such as eCommerce, it is common to require that a user maintains a “persistent” connection with a particular server over some period of time.
The most common reason is to ensure positive user experience when “user data” (such as form data or shopping cart data) is temporarily stored on a specific real server – for a particular user.
Persistence (sometimes referred to as sticky connection or server affinity) is the most common way to ensure this functionality.
The LoadMaster supports 9 different persistence methods, including source IP and SSL session ID – which are commonly the only persistence options available on other load balancers. However, with modern network architectures, source IP is no longer a reliable method for achieving persistence, since clients IP addresses can change frequently over a short period of time. Also, the use of SSL session ID for persistence purposes is virtually useless these days, as browsers such as MS Internet Explorer v5.x and up change SSL sessions ID too frequently during a session.
For this reason, the LoadMaster also support Layer 7-based persistence methods (also referred to as cookie persistence) achieving a much more reliable method of maintaining persistent user connections. 34

35. Source IP-based Server Persistence2 3 1
Internet
Issues with Source-IP
Persistence ?
With most transactional web applications, such as eCommerce, it is common to require that a user maintains a “persistent” connection with a particular server over some period of time.
The most common reason is to ensure positive user experience when “user data” (such as form data or shopping cart data) is temporarily stored on a specific real server – for a particular user.
Persistence (sometimes referred to as sticky connection or server affinity) is the most common way to ensure this functionality.
The LoadMaster supports 9 different persistence methods, including source IP and SSL session ID – which are commonly the only persistence options available on other load balancers. However, with modern network architectures, source IP is no longer a reliable method for achieving persistence, since clients IP addresses can change frequently over a short period of time. Also, the use of SSL session ID for persistence purposes is virtually useless these days, as browsers such as MS Internet Explorer v5.x and up change SSL sessions ID too frequently during a session.
For this reason, the LoadMaster also support Layer 7-based persistence methods (also referred to as cookie persistence) achieving a much more reliable method of maintaining persistent user connections.
Shopping Data
For User 1
Server 1
Server 2 35

36. L7 Server Persistence Super HTTP Internet URL Hash2 3 1
Super HTTP
User Agent + Authorization Header
URL Hash
Same URL = Same Server
Hash of HTTP Query Item
Same HTTP Request Parameter = Same Server
Internet
With most transactional web applications, such as eCommerce, it is common to require that a user maintains a “persistent” connection with a particular server over some period of time.
The most common reason is to ensure positive user experience when “user data” (such as form data or shopping cart data) is temporarily stored on a specific real server – for a particular user.
Persistence (sometimes referred to as sticky connection or server affinity) is the most common way to ensure this functionality.
The LoadMaster supports 9 different persistence methods, including source IP and SSL session ID – which are commonly the only persistence options available on other load balancers. However, with modern network architectures, source IP is no longer a reliable method for achieving persistence, since clients IP addresses can change frequently over a short period of time. Also, the use of SSL session ID for persistence purposes is virtually useless these days, as browsers such as MS Internet Explorer v5.x and up change SSL sessions ID too frequently during a session.
For this reason, the LoadMaster also support Layer 7-based persistence methods (also referred to as cookie persistence) achieving a much more reliable method of maintaining persistent user connections.
Shopping Data
For User 1
Server 1
Server 2 36

37. Load Balancing Decision Process
Server/Application
Health Check
Internet
Persistence
Load Balance
Server 1
Server 2 37

38. Virtual Service Setup Create a Virtual Service
Set up Health-checking for the Virtual Service
Configure Persistency Options
Configure Scheduling Method.
Add Real Servers 38

39. Topologies & Transparency
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 39

40. Topologies
In General, configurations can be broken down into 1-arm and 2-arm configurations
Since 1-arm and 2-arm is a distinction on a virtual service basis, Loadmasters can house combinations of 1-armed and 2-armed Virtual Services 40

41. 1-armed Configuration
In 1-armed configurations, the VS and RS are on the same network 41

42. 2-armed Configuration
In 2-armed configurations, the VS and RS are on different networks 42

43. Transparency
Transparency is a major factor when planning a Loadmaster Deployment
Transparency – LoadMaster will pass along the original source IP address of the Client.
Non-Transparency – LoadMaster will NAT the address so the source IP address appears to be the LoadMaster
Transparency can be important for logging purposes, but may cause virtual services to respond improperly. 43

44. Pro Con Transparency Transparent Non-Transparent
Preserves source IP
Works with L4 and L7
VS access for clients on same subnet as RS
RS Gateway does not need to change
Non-local RS support
Con
No VS access for clients on the same subnet as RS
RS Gateway MUST be LoadMaster
Source IP is not preserved
(Headers can be inserted to report original source IP) 44

45. Transparency All Layer 4 traffic is transparent
Traffic at Layer 7 can be either
Non-Transparency is almost always easier, unless there is a requirement to see the source IP address.
Non-Transparent mode will often fix routing and traffic flow issues 45

46. Traffic Restrictions Two Examples of configurations that will NOT work
1-armed, Transparent, Clients on same subnet
2-armed, Transparent, RS’s gateway isn’t the LoadMaster.
Traffic must flow back to the Loadmaster 46

47. unless...
unless….. 47

48. Direct Server Return DSR mode is an uncommon configuration
DSR will be covered in our
“Advanced Technical Training Webinar” 48

49. Loadmaster HA Setup
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 49

50. High Availability
HA creates a pair of Loadmasters acting as one logical device
Loadmasters must be located on the same subnet in order to be in a HA Pair
Active/Standby
Only one unit is ever handling traffic at a particular moment 50

51. HA Components HA Check HA Updates Multicast
Keeps updated on health of the partner
Keeps LoadMaster up to date with changes made to virtual services
Keeps the standby LoadMaster updated on persistence updates
Governs whether LoadMaster will take the active role
Notable exceptions:
• Time
• Passwords
Allows LoadMaster to seamlessly pick up in failovers (Optional) 51

52. HA Network Setup Addressing:
A HA pair requires a min of 3 IP addresses
HA1 - Local HA1 administration
HA2 – Local HA2 administration
HA Shared – Management Interface, also used for routing. 52

53. HA Setup & Settings
HA Configuration
HA Settings 53

54. Advanced Features
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 54

55. Encryption/Decryption
SSL
Encryption/Decryption
Internet
Web Server Responsibilities
Key Exchange
Setup/Teardown SSL
Bulk Encrypt/Decrypt
Manage Multiple SSL Certificates
Serve Web Content
SSL on servers is expensive
TPS
Most web-facing sites and applications require that (at least some portion of) the site provides encrypted access via SSL (HTTPS).
SSL processing usually will take a significant toll on the server’s performance – up to 55%. Most importantly however, when SSL processing
is handled by the servers, any type of layer 7 based persistence becomes impossible, since cookie information is encrypted along with the rest of the http payload.
SSL = 55% Performance Hit
Server 1
Server 2 55

56. Encryption/Decryption
SSL
Encryption/Decryption
Internet
Offload and Accelerate
Key Exchange
Setup/Teardown SSL
Bulk Encrypt/Decrypt
Manage Single SSL Certificates
Enables L7 Persist. with SSL
SSL ASIC
L7 Persistence
All LoadMaster appliances are equipped with SSL Acceleration ASICs and are able to offload and accelerate SSL processing from application servers.
In addition to significant performance increase of SSL-enabled applications, by decrypting SSL traffic – the LoadMaster can “read” cookies and provide layer 7 persistence functionality WITH SSL traffic.
100 – 10,000 SSL TPS
Server 1
Server 2 56

57. Application Acceleration
Normal Load-Balanced Traffic Flow
Internet 2 3 1
Every request received by the Load Balancer is forwarded to a Server
All LoadMaster appliances are equipped with SSL Acceleration ASICs and are able to offload and accelerate SSL processing from application servers.
In addition to significant performance increase of SSL-enabled applications, by decrypting SSL traffic – the LoadMaster can “read” cookies and provide layer 7 persistence functionality WITH SSL traffic. 57

58. Application Acceleration
GZip Compression Enabled
Internet 2 3 1
More Web-side
Bandwidth available
To server more user requests
All LoadMaster appliances are equipped with SSL Acceleration ASICs and are able to offload and accelerate SSL processing from application servers.
In addition to significant performance increase of SSL-enabled applications, by decrypting SSL traffic – the LoadMaster can “read” cookies and provide layer 7 persistence functionality WITH SSL traffic. 58

59. Application Acceleration
Caching Feature Enabled
Cached
Content
Internet 2 3 1
All LoadMaster appliances are equipped with SSL Acceleration ASICs and are able to offload and accelerate SSL processing from application servers.
In addition to significant performance increase of SSL-enabled applications, by decrypting SSL traffic – the LoadMaster can “read” cookies and provide layer 7 persistence functionality WITH SSL traffic.
More Farm-side Bandwidth available
to serve more user requests. 59

60. Application Acceleration
Optimized Cache/Compression Enabled
Internet 2 3 1
All LoadMaster appliances are equipped with SSL Acceleration ASICs and are able to offload and accelerate SSL processing from application servers.
In addition to significant performance increase of SSL-enabled applications, by decrypting SSL traffic – the LoadMaster can “read” cookies and provide layer 7 persistence functionality WITH SSL traffic.
Content is pre-fetched and
Pre-compressed, optimizing
Both ends. 60

61. Content Switching Internet www.mysite.com/shopping
The LoadMaster support Layer 7 load balancing, also referred to as “Content Switching”.
With L7 support, the LoadMaster can direct requests to servers (or groups of servers) based on the URL.
This allows the administrator much greater flexibility in designing their server architecture to support more advanced applications.
With high performance hardware platforms, the LoadMaster can easily scale to support Layer 7 content switching. 61

62. “Open”, SNORT-rule compatible IPS
Internet
KEMP IPS Engine
SNORT-Rules
Available through:
Sourcefire
Open-source
Write your own
Log
Block
Block+Log
“Starter” rule-set included
All LoadMaster appliances are equipped with SSL Acceleration ASICs and are able to offload and accelerate SSL processing from application servers.
In addition to significant performance increase of SSL-enabled applications, by decrypting SSL traffic – the LoadMaster can “read” cookies and provide layer 7 persistence functionality WITH SSL traffic. 3 2 1 62

63. Reverse SSL Encryption between LoadMaster and Real Server Security
Setup issues (SSL links in Web app - Exchange 2010!)
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 63

64. Application Specific Aspects
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 64

65. Application Delivery Infrastructure
Internet
intranet
Web Front-End Servers
(Browser Access to Apps)‏
Typical web-facing or intranet architecture.
Citrix
ERP/SAP
Exchange
BEA/Weblogic
Notes/Domino
OLAP
Any Intranet
Application Servers
With Integrated LB/Clustering
Oracle
MS SQL
MySQL
DB2
Back-end Database Servers
With Integrated Clustering 65

66. Applications Internet Web Servers & Intranet Apps, Virtualized Servers
Incl. Sharepoint
Virtualized Servers
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster.
MS Terminal,
Citrix Servers
Others, incl ERP, CRM,
Legacy Applications
Mail & Messaging Servers – incl. Exchange & Lync/OCS 66

67. Application Specific Aspects
Microsoft Exchange 2010
Windows Terminal Services
Web Services & Sharepoint
Lync & OCS
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 67

68. Microsoft Exchange 2010
KEMP LoadMasters offer performance, security and functional advantages for all of messaging applications and protocols used by Exchange 2010.
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 68

69. Microsoft Exchange 2010 Exchange Virtual Services:
Virtual Service per Exchange Service
Consolidated HTTP/HTTPS Service
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 69

70. Internal Remote Desktop Users
WTS
Deployments
Internet
Internal Remote Desktop Users
Thin Clients
intranet
Typical Microsoft Windows Terminal Server Architecture
WTS Health Checking
Session Directory Support
L7 Persistence
Resource-Based LB Agent
WTS Server Farm
Session Directory
Session Broker 70

71. Internal Remote Desktop Users
WTS Health Checking
Internet
Internal Remote Desktop Users
The LoadMaster initiates a
RDP session request with
a target WTS Server and
looks for a “positive” response.
Thin Clients
The LoadMaster can perform Layer 7 (RDP) application healthcheck of a server running WTS.
The LoadMaster’s ability to provide Layer 7
health checking for RDP protocol ensures that
client requests are only sent to servers that
are able to establish a valid RDP session.
WTS Server Farm
Session Directory
Session Broker

72. Support for TS Session Directory
RDP Clients
If an existing connection is found
(e.g on server #1), the Session
Directory service passes a “Routing
Token” to the “Client” for inclusion
in the subsequent request.
Step 3
The LoadMaster will detect
the presence of a “Routing
Token” and forward the
subsequent request to Server 1.
Step 4
Initial request is load
balanced according to
pre-configured LB
algorithm – (e.g. Round
Robin) and sent to WTS
Server #4.
Step 1
The LoadMaster is fully integrated with Microsoft Session Directory service for Terminal Services.
The LoadMaster can read the “Routing Token” supplied by the Session Directory service.
WTS server Queries Session Directory for existing client-session info.
Step 2 1 2 3 4
Session Directory
Session Broker
Benefits
The LoadMaster’s Integration
with WTS Session Directory Service
enables Session-based persistence
for reliably re-connecting dropped sessions
and roaming WTS users.

73. Layer 7 RDP Persistence Step 1 With L7 WTS Persistence Built-In,
The LoadMaster can store the RDP
client login/session info and use it
to provide Session Reconnection
without the need for MS Session
Directory Service.
Building a redundant, high-
availability Session Directory
Server infrastructure is not
required with LoadMaster’s
WTS persistence feature.
Using the LoadMaster’s built-in Layer 7 RDP persistence technology, users can implement fully persistent RDP connectivity – without the need for the deployment of highly resilient Session Directory server architecture. 1 2 3 4
Session Directory
Session Broker

74. Connection-based Load Balancing
Financial
Analyst
Light Office User
Most current load balancing solutions (including NLB) are only able to distribute WTS connections based on RDP connection count.
This can lead to an “unbalanced” server utilization, as many environments require support for different “classes” of users.
Thus, while servers may have an equal number of TS connections, some severs may end up oversubscribed while others are underutilized. 1 2 3 4
20% CPU
Utilization
80% CPU
Utilization
= Wasted Capacity
= Slow
All servers have equal # of RDP Connections

75. Resource-based Load Balancing
Financial
Analyst
Light Office User
Resource-based LB
CPU Utilization
Memory Available
I/O performance
Any “perfmon” stats
Custom Script support
LoadMaster Adaptive Agent
resides on Windows Servers,
providing resource-based
utilization stats to LoadMaster
for load balancing decisions.
The LoadMaster’s Resource-based, adaptive load balancing feature can take the server’s various performance metrics into account when distributing RDP requests.
This will help achieve a more uniform load distribution, increasing performance levels for more advanced users, as fewer of them will be allocated per TS server.
The LoadMaster ships with “agents” or scripts that can be installed on any server running Microsoft Windows Server operating system. The LoadMaster will communicate with these
agents, reading various user-defined values for PerfMon stats such as CPU, Memory, Disk IO, etc... and make load balancing decisions based on those values.
40% CPU
20 Conn.
40% CPU
10 Conn.
40% CPU
30 Conn.
40% CPU
15 Conn.
Resource-based load balancing achieves better user experience
by distributing requests to better-performing servers

76. Web Services & Sharepoint
Web Service Setup – http/https
Sharepoint – “Just another web service”
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 76

77. Lync Server/ OCS
Load Balancing Microsoft Lync Server Option 1: MS “DNS Load Balancing”
Not for Edge Deployment
Option 2: Multiple Ports in one VS
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 77

78. Troubleshooting
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 78

79. Backup & Log Files Log Files: Debug Options: Backup Viewer:
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 79

80. TCP Trace
TCP Trace:
A TCP trace can be performed on any interface, IP Address or port number to assist in troubleshooting. Once the trace is completed it can be easily downloaded and opened in Wireshark.
More Advanced traces can be performed via the console, for instance an ICMP trace.
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 80

81. Tips & Tricks
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 81

82. Tips & Tricks Per Virtual Service: Global Settings:
Transparency – Try “L7 Transparency Disabled”
Health check – Try “Rolling back” the health check
Persistence: Timeout + Cookie name
Global Settings:
No SNAT for One-Armed Setup!
External Syslog server
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 82

83. Tips & Tricks HA Settings: Backup: Use Virtual MAC (not vor VLM!)
Activate Stateful L4/L7 connections
Change HA ID
Backup:
Remember to backup SSL certificates, too!
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 83

84. Summary
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing. 84

85. Key LoadMaster Features & Benefits
Distribute application/user requests to best-performing server
Ensures each user gets the best application experience
possible
Active/Hot-Standby, with Stateful Failover
Provides % high-availability of application servers
and removes SLB as single point of failure
Server Hardware and Application Health Checking
Guarantees user requests will be directed to only “available” severs AND “available” applications.
Layer 4/7 Persistence
Ensures that users maintain continuous connections with
the specific server where “their” transactional data is
available – even if the IP address changes during session
Layer 7 Content Switching
Enables site administrators to optimize server traffic
according to content type (images, multi-media, apps)‏
SSL Acceleration/Offload in ASIC
Optimized server performance and user experience for
encrypted application content
Compression, Cache
Reduces latency associated with internal network while
further optimizing performance over existing ISP link
Intrusion Prevention Systems (IPS)‏
Helps thwart application-level threats, even with SSL-
encrypted traffic

86. LoadMaster Model Matrix
Feature
LM-2200
LM-2600
LM-3600
LM-5500
Gigabit LAN Interfaces 4 8 18
Servers/Virtual Clusters (VIPs)
1000/256
1000/500
1000/1000
Max. L4 Throughput
<1Gbps
1.7Gbps
3.4Gbps
6Gbps
Max L7 Throughput
1.5Gbps
2.9Gbps
5Gbps
SSL TPS (ASIC)
200
2,000
5,000
10,000
Concurrent Connections
1,000,000
2,000,000
4,000,000
30,000,000
Requests/Second (HTTP)
25K
69K
77K
100K
Form Factor 1U 2U
Power Supply
Single
Redundant
(Hot Swap)
A single Web or Application Server represents a single point of failure.
Server may be located in the company datacenter, in a co-location or a managed hosting facility.
Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server,
typically are not the target market for server load balancing.
For Active/Hot-Standby configuration, order quantity 2 (two), HA License at No Extra Cost 86

87. Resources & Contacts Contacts: Resources:
- VLM Download
forums.kemptechnologies.com - Community Forums
(or .de) – Blogsite
Exchange Sizing Tool – Identify correct LM for Exchange
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster. 87