Migrerer fra Kemp LoadMaster til ZEVENET ADC

SLAGT DEN 14. november 2022

Oversigt

Let us scale multi-dimensional enterprise-grade systems while maintaining high availability with ZEVENET ADC. This means no benchmark limitations on memory, CPU cores, or throughput.

Du har måske bemærket, at disse begrænsninger forhindrer dit netværk i at skalere, hvis du overvejer andre alternativer end Kemp. ZEVENET Community Enterprise editions are designed to scale regardless of the deployment platform, whether hardware, Virtual environments, cloud infrastructure, or bare metal.

This article will discuss setting up an instance of ZEVENET’s load balancer based on Kemp LoadMaster configurations.

Forudsætninger

For at følge denne vejledning skal du:

  1. Hav en aktiv forekomst af ZEVENET ADC på din arbejdsstation eller en cloud-platform. Hvis en instans ikke er installeret, anmode om en vurdering.
  2. Be familiar with KEMP Loadmaster concepts.
  3. Have access to the ZEVENET web panel. If you don’t, follow this quick installationsvejledning.
  4. Har viden om at skabe en virtuel server i ZEVENET ADC. Følg denne guide: Layer 4 og layer 7 virtuel serverkonfiguration.

Basale koncepter

Virtuel tjeneste: A virtual service in Kemp’s load balancer is a point of contact from external networks. This interface has a virtual IP and port through which all traffic from the web flows. A virtual service in Kemp’s LoadMaster is the same as a Farm when using ZEVENET’s load balancer.

subVS: Use a subVS when segmenting traffic from the WEB and sending it to various requested resources. These resources could be HTML files or download files from FTP servers. A subVS is where you create a pool of backend servers and assign them a role. A subVS is the same as a Service i ZEVENET ADC.

Scheduling method: These are methods used when deciding how often clients should access resources from the backend servers. A scheduling method is the same as a Planlægger for belastningsbalancering i ZEVENET ADC.

Real server check methods: Load balancers must monitor the health of nodes serving an application by sending probe signals. These signals check whether a node and its service are healthy. ZEVENET ADC uses a set of inbuilt plugins called Farmguardian for health monitoring.

interfaces: Interfaces are necessary when dividing a local network into various network segments. Network segmentation calls for VLAN. ZEVENET load balancer comes with a Netværk section that allows you to manage different VLANs and assign them IPs through virtuelle grænseflader.

Global balancing: This module provides DNS-level load-balancing schemes. Used when distributing traffic between data centers. The GSLB module does a similar thing in ZEVENET ADC, but with more advanced security measures besides enforcing WAF regler.

Rigtige servere: Real servers are the hosts within a local network. These hosts process all requests from the web and send back a response through a reverse proxy. A real server is the same as a Bagende in the ZEVENET load balancer.

IPS / IDS: This module provides layer 7 protection when using the Kemp load balancer. It includes a set of WAF rules that protect against any of the top 10 OWASP security attacks. ZEVENET uses the IPDS module that provides network security at layers 3, 4, to 7.

Operation: These are commands you give a load balancer to do tasks like creating, editing, deleting, or restarting services. Produktion er de samme som handlinger in the ZEVENET load balancer.

Service Type / subVS Type: These options determine whether a service is HTTP or HTTPS. On an HTTP profile in ZEVENET ADC, the listener has the protocols, HTTP and HTTPS. The options service Type subVS Type er de samme som lyttere ved brug af ZEVENET ADC.

Pro/protocol: These determine whether a network should transmit UDP or TCP packets. ZEVENET ADC has more protocols that cater to layers 4 and 7.

ACME certificates: This protocol automates the interactions between CAs when you need an SSL certificate signed. ZEVENET’s load balancer comes with an inbuilt OpenSSL generator with the Lad os kryptere program.

Example configurations: Content switching

Websites serve two types of content, dynamisk statisk. Static content like images, audio, gifs, etc can be accessed directly from databases while dynamic content usually requires more server resources to process based on a user’s behavior. Therefore, we must access these resources differently to maintain højhastighedstog levering.

Two service groups must be created on a virtual server. In these example configurations, we shall create the service groups serviceDynamic serviceStatic to demonstrate content switching with Kemp and how you can achieve that with ZEVENET ADC.

Kemp configurations

  1. To do content switching, you will need at least two active subVS within a Virtual service.
  2. oracle_jd_edwards_load_balancing_farm

  3. One must define Indholdsregler.
  4. oracle_jd_edwards_load_balancing_farm

  5. After creating content rules, enable that rule on a subVS that you want to match. Click the Modify button on a Virtual Service. Scroll till you reach the Avancerede egenskaber setting and click the Aktiver button aside from content switching.
  6. Scroll to the table at the bottom. Within the column with the heading Regler, click the one with Ingen to add a rule.
  7. oracle_jd_edwards_load_balancing_farm

  8. After adding a rule, the status will change from Ingen til 1. For this example, all the traffic that matches this rule will be forwarded to a subVS with static content. All traffic that does match this condition will be forwarded to the subVS with dynamic content.

ZEVENET konfigurationer

  1. To enable content switching, you will need at least two services on an HTTP Gård.
  2. oracle_jd_edwards_load_balancing_farm

  3. For this example, we will click and edit the serviceStatic service.
  4. To load balance on static content, one must use a URL-mønster to match the static files. In this example, we will use the same pattern as with KEMP.
    \.(jpg|jpeg|png|gif|ico|css|js|html|htm|avi|mov|mp3|svg)$
  5. oracle_jd_edwards_load_balancing_farm

  6. Session persistence is optional. You might leave the field unchanged. However, you must enable health checks. Within Farmguardian, enable http health checks with the flag check_http.
  7. Gem konfigurationerne ved at klikke på Indløs .
  8. Create Backends to distribute static resources.

oracle_jd_edwards_load_balancing_farm
All the traffic from the web that matches the conditional within the URL-mønster parameter will get distributed among the listed underliggende programmer. Those that do not match will be forwarded to the service serviceDynamic. Make sure to enable session persistence.

Example configurations: SSL Offloading

SSL offloading can be used to improve the performance of a website by relieving the origin server of the processing burden of encrypting and decrypting traffic. It can also be used to centralize SSL/TLS management and to enable features such as content filtering. When implementing SSL offloading, it is important to ensure that the decrypted traffic is not visible to unauthorized parties and that the traffic is properly encrypted when it leaves the offload device.

In this section, we will show the configurations for setting up SSL-aflæsning on Kemp’s load balancer and how you can achieve the same with ZEVENET.

Kemp configurations

At muliggøre SSL-aflæsning, you must have an ssl cert loaded on the load balancer. This could be one issued by a Certificate Authority or a self-signed certificate.

These are the configurations to enable ssl offloading with the Kemp load balancer.

  1. Klik virtuelle tjenester på menuen.
  2. Klik view/modify services.
  3. Klik på knappen Ændre button under the operations of the selected service.
  4. Rul indtil du når SSL properties.
  5. Aktiver SSL-acceleration.
  6. oracle_jd_edwards_load_balancing_farm

  7. Assign the Available certificate in use by shifting it from the Tilgængelige certifikater boks til Assigned Certificates og klik på Set certificates .

The Kemp load balancer should be able to handle SSL-aflæsning with this configuration.

ZEVENET konfigurationer

  1. To enable SSL offloading, go to LSLB
  2. Klik på knappen Gårde .
  3. Klik på knappen Redigere button on an HTTP or HTTPS Farm.
  4. Change the listener from HTTP til HTTPS.
  5. Change the virtual port to 443.
  6. oracle_jd_edwards_load_balancing_farm

  7. Under Ciphers, change the option from Alle til SSL-aflæsning.
  8. Klik på Available certificate du vil bruge.
  9. Click the greater than Arrow (>) to shift the certificate from Tilgængelige certifikater til Aktiverede certifikater.
  10. oracle_jd_edwards_load_balancing_farm

  11. Gem konfigurationerne ved at klikke på Indløs .
  12. Genstart the Farm for the changes to take effect.

Suppose you don’t have an SSL certificate installed on the load balancer, A *.zencert.pem wildcard certificate will be used.

To upload an SSL certificate on ZEVENET ADC, read this Article: LSLB | SSL-certifikater
To generate an auto ca-signed certificate through the Let’s encrypt program, read this article: LSLB | Lad os kryptere

Yderligere ressourcer

Brug af programmet Let's encrypt til at autogenerere et SSL-certifikat.
Datalink/Uplink belastningsbalancering Med ZEVENET ADC.
DNS belastningsbalancering med ZEVENET ADC.
Beskyttelse mod DDoS-angreb.
Applikations-, sundheds- og netværksovervågning i ZEVENET ADC.
Web Application Firewall-konfiguration.
Konfiguration af SSL-certifikater til belastningsbalanceren.

Del på:

Dokumentation i henhold til GNU Free Documentation License.

Var denne artikel til hjælp?

Relaterede artikler