A Company And Product Presentation

Presentation transcript:

KEMP Technologies: A Company And Product Presentation 1

Agenda
- Introduction
- Load Balancing Fundamentals
- LoadMaster Base Setup
- Core Load Balancing Features
- Transparency & Topologies
- Loadmaster HA Setup
- Advanced Features
- Application Specific Aspects
- Troubleshooting
- Tips & Tricks
- Summary
A single Web or Application Server represents a single point of failure. Server may be located in the company datacenter, in a co-location or a managed hosting facility. Clients whose application is hosted in a “shared” facility – that is, they do NOT have administrative access to their own dedicated server, typically are not the target market for server load balancing.
2

Introducing KEMP
- Established in year 2000
- Pioneered “Affordable” Load Balancing & ADC
- Global HQ in New York; EMEA HQ Ireland, Sales Germany
- US & EMEA based Tech Support, Available 7 X 24
- Specialize in Load Balancing and ADC
- Consistent Growth
- Technology partnerships with Microsoft, Dell & VMWare
- 100% Channel Focused
3

What is “Server Load Balancing” and Why Do We Need It? Sample Problems / KEMP Solution 4

Problem # 1 Server and Application Availability 5

Diagram: Internet, Web/Application Server 6

Diagram: Internet, Web/Application Server (marked X) 7

Problem # 2 Performance & Scalability 8

As the number of user requests grows… “Wait ! I Can’t Keep UP!” Diagram: Internet, Web/Application Server 9

Problem # 3 Security 10

Diagram: Internet, Web/Application Server 11

Install SSL & IPS On Server. “Wait ! I Can’t Keep UP!” Diagram: Internet, Web/Application Server 12

Options ? 13

Add another server with DNS Round Robin? Diagram: Internet, Network Infrastructure, DNS Round Robin, Public-Facing IPs 10.0.20.5 and 10.0.20.6, request sequences 1 3 5 7 and 2 4 6 8 14

Add another server with DNS Round Robin? Diagram: Internet, Network Infrastructure, DNS Round Robin, Public-Facing IPs 10.0.20.5 and 10.0.20.6, one server marked X, request sequences 1 3 5 7 and 2 4 6 8, “Error 404 Page Not Found” 15

- Server & Application Health Checking
- Increased Performance & Scalability
- Improved Management and Administration
Diagram: Internet, Public VIP 10.0.20.5, Server Farm with Private IPs 192.168.0.2, 192.168.0.3, 192.168.0.4
16

LoadMaster automatically detects server and application failures and dynamically re-routes user requests to other, available servers.
Diagram: Internet, Public VIP 10.0.20.5, Server Farm with Private IPs 192.168.0.2, 192.168.0.3, 192.168.0.4, one server marked X
17

Diagram: Internet, Public VIP 10.0.20.5, Server Farm with Private IPs 192.168.0.2, 192.168.0.3, 192.168.0.4, all marked X, “Error 404 Page Not Found” 18

High Availability with Stateful Failover
Diagram: Internet, Public VIP 10.0.20.5, LoadMasters labelled Active and Hot Standby, Server Farm with Private IPs 192.168.0.2, 192.168.0.3, 192.168.0.4
19

High Availability with Stateful Failover
Diagram: Internet, Public VIP 10.0.20.5, LoadMasters labelled Active and Hot Standby (one marked X), Server Farm with Private IPs 192.168.0.2, 192.168.0.3, 192.168.0.4
20

High Availability with Stateful Failover
Diagram: Internet, Public VIP 10.0.20.5, LoadMasters labelled Active and Out of Service (one marked X), Server Farm with Private IPs 192.168.0.2, 192.168.0.3, 192.168.0.4
21

Layer 4 and Layer 7
Layer 4 Load balancing: Layer 4 Load Balancing is based on source IP address persistence and TCP connection health checking. But what about NAT? What if my server is accepting connections on a port but the service is actually down?
Layer 7 Load balancing: Layer 7 Load Balancing provides many more capabilities, for example:
- L7 Based Persistence
- Application Healthchecking
- Content Switching
22

Loadmaster Setup & WUI Overview 23

Setup & Installation
- Connecting to the Loadmaster
- Licensing
- Network Setup
- Update Firmware
24

Connecting to the Loadmaster
Via Web User Interface:
- Loadmaster’s default IP address is: 192.168.1.101
- Virtual Loadmaster will use DHCP to get an IP address
- Browse to https://192.168.1.101
- Accept the Certificate and you will be prompted for a license code
Connecting via Serial Cable:
- Use terminal emulation software
- Use VT-100 Emulation
- 115200bps
- 8 data bits
- Parity: None
- 1 stop bit
- Hardware Flow Control
25

Licensing
License Key Prompt
Note: KEMP EMEA ships all units with a license key applied, so this step can be overlooked in most cases. For Virtual Loadmasters you will need to perform this step.
- Contact KEMP Technologies and quote the Serial Number and Access Code.
- Access Codes are based on MAC addresses, so licenses cannot be moved between Virtual Machines.
26

Network Setup
Once the Loadmaster is licensed, the Quickstart Menu will run and will ask for the following information:
- ETH0 IP Address
- ETH1 IP Address
- Hostname
- Nameservers
- Search Domains
- Default Gateway
Reboot the LoadMaster to apply the changes.
27

Obtaining Loadmaster Firmware
To identify the latest version of firmware on general release, visit the news section on our forums: http://forums.kemptechnologies.com
Contact KEMP support on emeasupport@kemptechnologies.com and request a link to download the firmware.
28

Updating Loadmaster Firmware Go to System Configuration -> http://forums.kemptechnologies.com Contact KEMP support on emeasupport@kemptechnologies.com and request a link to download the firmware. 29

The Web User Interface - WUI Connect to the WUI via https://IPADDRESS for all configuration options. Overview of the WUI. 30

Core Load Balancing Features 31

Scheduling
Scheduling & Balancing Methods:
- Round Robin
- Weighted Round Robin
- Least Connection
- Weighted Least Connection
- Fixed weighting
- Weighted response time
The LoadMaster supports six Layer 4 load balancing methods. With “chained failover”, one server can be set up as the primary, while the other server(s) can be configured to only serve requests if the primary is taken out of service.
Diagram: Internet, Server 1, Server 2
32

Server Resource Load Balancing
Agent, Adaptive Balancing Methods:
- CPU Utilization
- Memory (RAM) Available
- Number of Active Users
- Any Perfmon Stat.
Diagram: Internet, Next Request, Server 1 (CPU=75%), Server 2 (CPU=72%)
33

Server Health-checking
Real Server Check Parameters:
- ICMP: Verify that the Server is contactable from the Loadmaster
- TCP Connection Only: Verify that the Loadmaster can connect to the Real Server on the specified port
- HTTP/HTTPS: Waits for a valid response from the Webserver, i.e. 200 OK
- Mail (SMTP)/IMAP/POP3: Waits for a valid response from the Mail Server, i.e. 220 SMTP Service Ready
With most transactional web applications, such as eCommerce, it is common to require that a user maintains a “persistent” connection with a particular server over some period of time. The most common reason is to ensure positive user experience when “user data” (such as form data or shopping cart data) is temporarily stored on a specific real server – for a particular user. Persistence (sometimes referred to as sticky connection or server affinity) is the most common way to ensure this functionality. The LoadMaster supports 9 different persistence methods, including source IP and SSL session ID – which are commonly the only persistence options available on other load balancers. However, with modern network architectures, source IP is no longer a reliable method for achieving persistence, since client IP addresses can change frequently over a short period of time. Also, the use of SSL session ID for persistence purposes is virtually useless these days, as browsers such as MS Internet Explorer v5.x and up change SSL session IDs too frequently during a session. For this reason, the LoadMaster also supports Layer 7-based persistence methods (also referred to as cookie persistence), achieving a much more reliable method of maintaining persistent user connections.
34
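The gap between the "TCP Connection Only" check and the HTTP check listed on this slide (a port that accepts connections while the service is down) can be reproduced on loopback. This is an added example, not KEMP code; the two constructed servers and all function names are assumptions made for the illustration.

```python
import http.client
import http.server
import socket
import threading


class _Handler(http.server.BaseHTTPRequestHandler):
    status = 200  # overridden per constructed server

    def do_GET(self):
        self.send_response(self.status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_constructed_server(status):
    """Start a loopback HTTP server that answers every GET with `status`."""
    handler = type("Handler", (_Handler,), {"status": status})
    server = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def tcp_check(host, port, timeout=2.0):
    """Layer 4 style check: passes if the TCP handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_check(host, port, path="/", timeout=2.0):
    """Layer 7 style check: passes only on a 200 response."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status == 200
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


def compare_checks():
    """Return {name: (tcp_ok, http_ok)} for three constructed real servers."""
    servers = {
        "healthy": start_constructed_server(200),
        "broken": start_constructed_server(503),  # port open, application failing
    }
    results = {}
    try:
        for name, srv in servers.items():
            host, port = srv.server_address[:2]
            results[name] = (tcp_check(host, port), http_check(host, port))
    finally:
        for srv in servers.values():
            srv.shutdown()
            srv.server_close()
    # After shutdown the port is closed, so both checks fail.
    host, port = servers["healthy"].server_address[:2]
    results["stopped"] = (tcp_check(host, port), http_check(host, port))
    return results


if __name__ == "__main__":
    for name, (tcp_ok, http_ok) in compare_checks().items():
        print(f"{name:8s} tcp={tcp_ok} http={http_ok}")
```

The "broken" server is the case the Layer 4 slide asks about: a TCP-only check would keep it in rotation, while the HTTP check takes it out.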

Source IP-based Server Persistence
Issues with Source-IP Persistence ?
Diagram: Internet, requests 1 2 3, Shopping Data For User 1, Server 1, Server 2
35

L7 Server Persistence
- Super HTTP: User Agent + Authorization Header
- URL Hash: Same URL = Same Server
- Hash of HTTP Query Item: Same HTTP Request Parameter = Same Server
Diagram: Internet, requests 1 2 3, Shopping Data For User 1, Server 1, Server 2
36
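The persistence notes above say source IP is unreliable because client addresses are shared or change, and that cookie persistence avoids this. The added sketch below models both with a toy balancer; it is not LoadMaster's implementation, the client addresses are constructed, and the HMAC-tagged cookie is an assumption of this example (it keeps a client from choosing its own real server by editing the cookie).

```python
import hashlib
import hmac
import itertools
from collections import Counter

SERVERS = ["192.168.0.2", "192.168.0.3", "192.168.0.4"]  # private IPs from the slides
KEY = b"constructed-demo-key"  # constructed secret, for the demo only


class Balancer:
    """Toy balancer: round robin for new clients, then sticky."""

    def __init__(self, servers=SERVERS):
        self.servers = list(servers)
        self._rr = itertools.cycle(range(len(self.servers)))
        self._by_ip = {}

    def route_by_source_ip(self, src_ip):
        # Persistence table keyed on the address the balancer sees.
        if src_ip not in self._by_ip:
            self._by_ip[src_ip] = next(self._rr)
        return self.servers[self._by_ip[src_ip]]

    def _cookie_for(self, index):
        tag = hmac.new(KEY, str(index).encode(), hashlib.sha256).hexdigest()[:16]
        return f"{index}.{tag}"

    def _index_from(self, cookie):
        if not cookie:
            return None
        raw = cookie.partition(".")[0]
        if not (raw.isascii() and raw.isdigit()) or int(raw) >= len(self.servers):
            return None
        expected = self._cookie_for(int(raw))
        if not hmac.compare_digest(expected.encode(), cookie.encode()):
            return None  # tampered or forged cookie: treat as a new client
        return int(raw)

    def route_by_cookie(self, cookie=None):
        """Return (server, cookie_to_set)."""
        index = self._index_from(cookie)
        if index is None:
            index = next(self._rr)
        return self.servers[index], self._cookie_for(index)


def nat_skew(users_behind_nat=50):
    """Many users behind one NAT address all stick to one server."""
    lb, hits = Balancer(), Counter()
    for _ in range(users_behind_nat):
        hits[lb.route_by_source_ip("203.0.113.10")] += 1
    for ip in ("198.51.100.1", "198.51.100.2"):
        hits[lb.route_by_source_ip(ip)] += 1
    return dict(hits)


def roaming_by_source_ip():
    """A client whose address changes mid-session loses its server."""
    lb = Balancer()
    first = lb.route_by_source_ip("203.0.113.10")
    lb.route_by_source_ip("198.51.100.1")  # another client arrives in between
    second = lb.route_by_source_ip("198.51.100.77")  # same user, new address
    return first, second


def roaming_by_cookie():
    """The same user keeps the server because the cookie travels with them."""
    lb = Balancer()
    first, cookie = lb.route_by_cookie()
    lb.route_by_cookie()  # another client arrives in between
    second, _ = lb.route_by_cookie(cookie)
    return first, second


def forged_cookie_target():
    """A cookie with a made-up tag does not pin the client to server index 2."""
    server, _ = Balancer().route_by_cookie("2.0000000000000000")
    return server


if __name__ == "__main__":
    print(nat_skew(), roaming_by_source_ip(), roaming_by_cookie(), forged_cookie_target())
```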

Load Balancing Decision Process
- Server/Application Health Check
- Persistence
- Load Balance
Diagram: Internet, Server 1, Server 2
37

Virtual Service Setup
- Create a Virtual Service
- Set up Health-checking for the Virtual Service
- Configure Persistency Options
- Configure Scheduling Method
- Add Real Servers
38

Topologies & Transparency 39

Topologies
- In general, configurations can be broken down into 1-arm and 2-arm configurations.
- Since 1-arm and 2-arm is a distinction on a virtual service basis, Loadmasters can house combinations of 1-armed and 2-armed Virtual Services.
40

1-armed Configuration In 1-armed configurations, the VS and RS are on the same network 41

2-armed Configuration In 2-armed configurations, the VS and RS are on different networks 42

Transparency
Transparency is a major factor when planning a Loadmaster Deployment.
- Transparency – LoadMaster will pass along the original source IP address of the Client.
- Non-Transparency – LoadMaster will NAT the address so the source IP address appears to be the LoadMaster.
Transparency can be important for logging purposes, but may cause virtual services to respond improperly.
43

Transparency
Transparent, Pro:
- Preserves source IP
- Works with L4 and L7
Transparent, Con:
- No VS access for clients on the same subnet as RS
- RS Gateway MUST be LoadMaster
Non-Transparent, Pro:
- VS access for clients on same subnet as RS
- RS Gateway does not need to change
- Non-local RS support
Non-Transparent, Con:
- Source IP is not preserved (Headers can be inserted to report original source IP)
44

Transparency
- All Layer 4 traffic is transparent.
- Traffic at Layer 7 can be either.
- Non-Transparency is almost always easier, unless there is a requirement to see the source IP address.
- Non-Transparent mode will often fix routing and traffic flow issues.
45
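In non-transparent mode the real server sees the LoadMaster as the source and learns the client address only from an inserted header, so the server should believe that header only when the connection comes from the balancer. The added example below shows that check on the real-server side; it is not KEMP code, the slides do not name the header (X-Forwarded-For is assumed), and the balancer address 192.168.0.1 is constructed.

```python
import ipaddress

# Assumption: the only peer allowed to assert a client address is the balancer.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.0.1/32")]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_ip(peer, forwarded_for, trusted=TRUSTED_PROXIES):
    """Return the address to log or use in access decisions.

    peer          -- source address of the TCP connection as seen by the server
    forwarded_for -- raw X-Forwarded-For header value, or None
    """
    peer_addr = ipaddress.ip_address(peer)
    # A connection that did not come through the balancer gets no say:
    # anyone can type a header.
    if not forwarded_for or not _is_trusted(peer_addr, trusted):
        return str(peer_addr)
    # Walk right to left: the right-most entry was appended by the balancer,
    # anything further left may have been supplied by the client itself.
    for part in reversed(forwarded_for.split(",")):
        try:
            hop = ipaddress.ip_address(part.strip())
        except ValueError:
            return str(peer_addr)  # malformed header: fall back to the peer
        if not _is_trusted(hop, trusted):
            return str(hop)
    return str(peer_addr)


if __name__ == "__main__":
    # Constructed requests: via the balancer, via the balancer with a
    # client-supplied entry, and a direct connection carrying a forged header.
    print(client_ip("192.168.0.1", "203.0.113.7"))
    print(client_ip("192.168.0.1", "10.9.9.9, 203.0.113.7"))
    print(client_ip("198.51.100.5", "127.0.0.1"))
```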

Traffic Restrictions
Two examples of configurations that will NOT work:
- 1-armed, Transparent, Clients on same subnet
- 2-armed, Transparent, RS’s gateway isn’t the LoadMaster
Traffic must flow back to the Loadmaster.
46

unless... 47

Direct Server Return
- DSR mode is an uncommon configuration.
- DSR will be covered in our “Advanced Technical Training Webinar”.
48

Loadmaster HA Setup 49

High Availability
- HA creates a pair of Loadmasters acting as one logical device.
- Loadmasters must be located on the same subnet in order to be in a HA Pair.
- Active/Standby: only one unit is ever handling traffic at a particular moment.
50

HA Components
HA Check: Keeps updated on health of the partner. Governs whether LoadMaster will take the active role.
HA Updates: Keeps LoadMaster up to date with changes made to virtual services. Notable exceptions: Time, Passwords.
Multicast (optional): Keeps the standby LoadMaster updated on persistence updates. Allows LoadMaster to seamlessly pick up in failovers.

HA Network Setup
Addressing: an HA pair requires a minimum of 3 IP addresses.
HA1: Local HA1 administration.
HA2: Local HA2 administration.
HA Shared: Management interface, also used for routing.

HA Setup & Settings
HA Configuration
HA Settings

Advanced Features

SSL Encryption/Decryption
Diagram: Internet, HTTPS://, TPS, Server 1, Server 2.
Web Server Responsibilities: Key Exchange Setup/Teardown; SSL Bulk Encrypt/Decrypt; Manage Multiple SSL Certificates; Serve Web Content.
SSL on servers is expensive: SSL = 55% Performance Hit.
Most web-facing sites and applications require that (at least some portion of) the site provides encrypted access via SSL (HTTPS). SSL processing usually will take a significant toll on the server’s performance, up to 55%. Most importantly however, when SSL processing is handled by the servers, any type of layer 7 based persistence becomes impossible, since cookie information is encrypted along with the rest of the HTTP payload.

SSL Encryption/Decryption
Diagram: Internet, HTTPS://, SSL ASIC, HTTP://, L7 Persistence, Server 1, Server 2.
Offload and Accelerate: Key Exchange Setup/Teardown; SSL Bulk Encrypt/Decrypt; Manage Single SSL Certificates; Enables L7 Persistence with SSL.
100 – 10,000 SSL TPS.
All LoadMaster appliances are equipped with SSL Acceleration ASICs and are able to offload and accelerate SSL processing from application servers. In addition to a significant performance increase for SSL-enabled applications, by decrypting SSL traffic the LoadMaster can “read” cookies and provide layer 7 persistence functionality WITH SSL traffic.

Application Acceleration
Normal Load-Balanced Traffic Flow
Every request received by the Load Balancer is forwarded to a Server.

Application Acceleration
GZip Compression Enabled
More Web-side bandwidth available to serve more user requests.

Application Acceleration
Caching Feature Enabled (Cached Content)
More Farm-side bandwidth available to serve more user requests.

Application Acceleration
Optimized Cache/Compression Enabled
Content is pre-fetched and pre-compressed, optimizing both ends.

Content Switching
Diagram: Internet, www.mysite.com/shopping, www.mysite.com/multi-media.
The LoadMaster supports Layer 7 load balancing, also referred to as “Content Switching”. With L7 support, the LoadMaster can direct requests to servers (or groups of servers) based on the URL. This allows the administrator much greater flexibility in designing their server architecture to support more advanced applications. With high performance hardware platforms, the LoadMaster can easily scale to support Layer 7 content switching.

“Open”, SNORT-rule compatible IPS
Diagram: Internet, KEMP IPS Engine.
SNORT rules available through: Sourcefire; Open-source; Write your own.
Log, Block, Block+Log.
“Starter” rule-set included.

Reverse SSL
Encryption between LoadMaster and Real Server.
Security.
Setup issues (SSL links in Web app - Exchange 2010!).
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster.

Application Specific Aspects

Application Delivery Infrastructure
Typical web-facing or intranet architecture.
Diagram: Internet, intranet.
Web Front-End Servers (Browser Access to Apps).
Citrix, ERP/SAP, Exchange, BEA/Weblogic, Notes/Domino, OLAP, Any Intranet Application Servers With Integrated LB/Clustering.
Oracle, MS SQL, MySQL, DB2: Back-end Database Servers With Integrated Clustering.

Applications
While the LoadMaster can support a huge variety of applications and protocols, these are the most common uses for the LoadMaster.
Web Servers & Intranet Apps, incl. Sharepoint
Virtualized Servers
MS Terminal, Citrix Servers
Mail & Messaging Servers, incl. Exchange & Lync/OCS
Others, incl. ERP, CRM, Legacy Applications

Application Specific Aspects
Microsoft Exchange 2010
Windows Terminal Services
Web Services & Sharepoint
Lync & OCS

Microsoft Exchange 2010
KEMP LoadMasters offer performance, security and functional advantages for all of the messaging applications and protocols used by Exchange 2010.

Microsoft Exchange 2010
Exchange Virtual Services:
Virtual Service per Exchange Service
Consolidated HTTP/HTTPS Service
http://www.kemptechnologies.com/documentation

WTS Deployments
Typical Microsoft Windows Terminal Server architecture.
Diagram: Internet, intranet, Internal Remote Desktop Users, Thin Clients, WTS Server Farm, Session Directory / Session Broker.
WTS Health Checking
Session Directory Support
L7 Persistence
Resource-Based LB Agent

WTS Health Checking
Diagram: Internet, Internal Remote Desktop Users, Thin Clients, WTS Server Farm, Session Directory / Session Broker.
The LoadMaster initiates an RDP session request with a target WTS Server and looks for a “positive” response.
The LoadMaster can perform a Layer 7 (RDP) application health check of a server running WTS. The LoadMaster’s ability to provide Layer 7 health checking for the RDP protocol ensures that client requests are only sent to servers that are able to establish a valid RDP session.

Support for TS Session Directory
Diagram: RDP Clients, servers 1 to 4, Session Directory / Session Broker.
Step 1: Initial request is load balanced according to the pre-configured LB algorithm (e.g. Round Robin) and sent to WTS Server #4.
Step 2: WTS server queries Session Directory for existing client-session info.
Step 3: If an existing connection is found (e.g. on server #1), the Session Directory service passes a “Routing Token” to the client for inclusion in the subsequent request.
Step 4: The LoadMaster will detect the presence of a “Routing Token” and forward the subsequent request to Server 1.
The LoadMaster is fully integrated with the Microsoft Session Directory service for Terminal Services. The LoadMaster can read the “Routing Token” supplied by the Session Directory service.
Benefits: The LoadMaster’s integration with the WTS Session Directory service enables session-based persistence for reliably re-connecting dropped sessions and roaming WTS users.
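What reading the “Routing Token” in Step 4 involves, as an added example that is not part of the original slides or KEMP's code. It assumes Microsoft's documented token layout `Cookie: msts=<ip>.<port>.<reserved>` (IP and port as byte-swapped decimal integers), which the slides do not show; the farm addresses are constructed. Because the token comes back through the client, the sketch only honours it when it names a configured real server.

```python
import ipaddress
import struct

PREFIX = b"Cookie: msts="


def encode_routing_token(ip, port):
    """Build a token line for ip:port (used here only to make sample input)."""
    ip_val = int.from_bytes(ipaddress.IPv4Address(ip).packed, "little")
    port_val = int.from_bytes(port.to_bytes(2, "big"), "little")
    return PREFIX + b"%d.%d.0000\r\n" % (ip_val, port_val)


def decode_routing_token(line):
    """Return (ip, port) from a routing token line, or None if it is invalid."""
    if not line.startswith(PREFIX):
        return None
    fields = line[len(PREFIX):].rstrip(b"\r\n").split(b".")
    if len(fields) != 3 or not all(f.isdigit() for f in fields):
        return None
    ip_val, port_val = int(fields[0]), int(fields[1])
    if ip_val > 0xFFFFFFFF or port_val > 0xFFFF:
        return None
    # Both numbers are stored little-endian relative to network byte order.
    ip = ipaddress.IPv4Address(struct.pack("<I", ip_val))
    port = struct.unpack(">H", struct.pack("<H", port_val))[0]
    return str(ip), port


def pick_server(token_line, farm, fallback):
    """Follow the token only if it points at a configured real server."""
    target = decode_routing_token(token_line) if token_line else None
    if target in farm:
        return farm[target]
    return fallback  # no token, bad token, or address outside the farm


# Constructed farm: (address, RDP port) -> server name.
FARM = {("172.31.249.216", 3389): "Server 1", ("172.31.249.219", 3389): "Server 4"}

if __name__ == "__main__":
    sample = b"Cookie: msts=3640205228.15629.0000\r\n"  # sample token value
    print(decode_routing_token(sample), pick_server(sample, FARM, "Server 4"))
```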

Layer 7 RDP Persistence
Diagram: servers 1 to 4, Session Directory / Session Broker.
With L7 WTS persistence built in, the LoadMaster can store the RDP client login/session info and use it to provide session reconnection without the need for the MS Session Directory service.
Building a redundant, high-availability Session Directory server infrastructure is not required with LoadMaster’s WTS persistence feature.
Using the LoadMaster’s built-in Layer 7 RDP persistence technology, users can implement fully persistent RDP connectivity without the need for the deployment of a highly resilient Session Directory server architecture.

Connection-based Load Balancing
Diagram: Financial Analyst, Light Office User, servers 1 to 4. All servers have an equal # of RDP connections. 20% CPU Utilization = Wasted Capacity; 80% CPU Utilization = Slow.
Most current load balancing solutions (including NLB) are only able to distribute WTS connections based on RDP connection count. This can lead to an “unbalanced” server utilization, as many environments require support for different “classes” of users. Thus, while servers may have an equal number of TS connections, some servers may end up oversubscribed while others are underutilized.

Resource-based Load Balancing
Diagram: Financial Analyst, Light Office User. 40% CPU, 20 Conn.; 40% CPU, 10 Conn.; 40% CPU, 30 Conn.; 40% CPU, 15 Conn.
Resource-based LB: CPU Utilization; Memory Available; I/O performance; Any “perfmon” stats; Custom Script support.
LoadMaster Adaptive Agent resides on Windows Servers, providing resource-based utilization stats to LoadMaster for load balancing decisions.
The LoadMaster’s resource-based, adaptive load balancing feature can take the server’s various performance metrics into account when distributing RDP requests. This will help achieve a more uniform load distribution, increasing performance levels for more advanced users, as fewer of them will be allocated per TS server. The LoadMaster ships with “agents” or scripts that can be installed on any server running the Microsoft Windows Server operating system. The LoadMaster will communicate with these agents, reading various user-defined values for PerfMon stats such as CPU, Memory, Disk IO, etc., and make load balancing decisions based on those values.
Resource-based load balancing achieves better user experience by distributing requests to better-performing servers.

Web Services & Sharepoint
Web Service Setup: http/https
Sharepoint: “Just another web service”

Lync Server/OCS Load Balancing
Microsoft Lync Server
Option 1: MS “DNS Load Balancing”, http://technet.microsoft.com/en-us/library/ff755052.aspx (not for Edge deployment)
Option 2: Multiple ports in one VS

Troubleshooting

Backup & Log Files
Log Files:
Debug Options:
Backup Viewer: http://www.kemptechnologies.com/viewer

TCP Trace
A TCP trace can be performed on any interface, IP address or port number to assist in troubleshooting. Once the trace is completed it can be easily downloaded and opened in Wireshark.
More advanced traces can be performed via the console, for instance an ICMP trace.

Tips & Tricks

Tips & Tricks
Per Virtual Service:
Transparency: Try “L7 Transparency Disabled”
Health check: Try “Rolling back” the health check
Persistence: Timeout + Cookie name
Global Settings:
No SNAT for One-Armed Setup!
External Syslog server

Tips & Tricks
HA Settings:
Use Virtual MAC (not for VLM!)
Activate Stateful L4/L7 connections
Change HA ID
Backup:
Remember to back up SSL certificates, too!

Summary

Key LoadMaster Features & Benefits
Distribute application/user requests to best-performing server: Ensures each user gets the best application experience possible.
Active/Hot-Standby, with Stateful Failover: Provides 99.999% high-availability of application servers and removes SLB as single point of failure.
Server Hardware and Application Health Checking: Guarantees user requests will be directed to only “available” servers AND “available” applications.
Layer 4/7 Persistence: Ensures that users maintain continuous connections with the specific server where “their” transactional data is available, even if the IP address changes during session.
Layer 7 Content Switching: Enables site administrators to optimize server traffic according to content type (images, multi-media, apps).
SSL Acceleration/Offload in ASIC: Optimized server performance and user experience for encrypted application content.
Compression, Cache: Reduces latency associated with internal network while further optimizing performance over existing ISP link.
Intrusion Prevention Systems (IPS): Helps thwart application-level threats, even with SSL-encrypted traffic.

LoadMaster Model Matrix
Feature: LM-2200, LM-2600, LM-3600, LM-5500
Gigabit LAN Interfaces: 4, 8, 18
Servers/Virtual Clusters (VIPs): 1000/256, 1000/500, 1000/1000
Max. L4 Throughput: <1Gbps, 1.7Gbps, 3.4Gbps, 6Gbps
Max L7 Throughput: 1.5Gbps, 2.9Gbps, 5Gbps
SSL TPS (ASIC): 200, 2,000, 5,000, 10,000
Concurrent Connections: 1,000,000, 2,000,000, 4,000,000, 30,000,000
Requests/Second (HTTP): 25K, 69K, 77K, 100K
Form Factor: 1U, 2U
Power Supply: Single, Redundant (Hot Swap)
For Active/Hot-Standby configuration, order quantity 2 (two), HA License at No Extra Cost.

Resources & Contacts
Contacts:
Resources:
www.kemptechnologies.com/documentation
www.kemptechnologies.com/try - VLM Download
forums.kemptechnologies.com - Community Forums
www.loadbalancerblog.com (or .de) - Blogsite
Exchange Sizing Tool - Identify correct LM for Exchange