manualshive.com logo in svg

Barracuda Networks Load Balancer, Руководство администратора

Скачайте бесплатное руководство пользователя "Barracuda Networks Load Balancer" с помощью быстрого стартового руководства. Получите информацию о использовании продукта на manualshive.com. Узнайте, как настроить и оптимизировать свои сетевые функции с помощью этого руководства. Узнайте о всех возможностях этого продукта, скачайте его сейчас.

Поделиться
Скачать
background image

  Managing the Barracuda Load Balancer  47

SSL Offloading

The Barracuda Load Balancer is able to perform decryption and encryption of SSL traffic to reduce 
the load on the Real Servers.  It also keeps the SSL certificates associated with that traffic in one 
location for easier management.

SSL offloading is not compatible with Direct Server Return.

To set up SSL offloading, complete the following two tasks:

1.

Upload one SSL certificate for each Service to the Barracuda Load Balancer.  

2.

Identify the Services that are using SSL offloading. 

These two tasks are described in the following sections.

Uploading SSL Certificates

One SSL certificate for each Service to be offloaded must be stored on the Barracuda Load Balancer.  
If the Service has never used SSL before, then a certificate has to be ordered from a trusted Certificate 
Authority such as Verisign.  If the Service has used SSL, then the certificate may be retrieved from a 
server providing that Service and loaded on the Barracuda Load Balancer.  

To view, edit or add SSL certificates, go to the 

Basic > Certificate Management 

page.

Specifying SSL Offloading for a Service

To configure SSL offloading for a Service, go to the 

Basic > Services 

page. The Service must specify 

a specific listen port and must not be configured as an ALL ports Service.  Click 

Edit 

for the Service 

to see the Service Detail window.  Select the SSL certificate you wish to use from the menu.  Specify 
the SSL Engine Listen Port, which must differ from the port used when configuring the Service.  The 
Service will also accept non-encrypted traffic to its VIP on the port specified when the Service was 
first created.

Encrypted traffic received on the SSL Engine Listen Port will be decrypted before reaching the Real 
Servers, and traffic coming from the Real Servers will be encrypted before it leaves the Barracuda 
Load Balancer. Since the Real Servers send and receive decrypted traffic, no SSL configuration on 
any of the Real Servers is necessary. 

Selecting a Scheduling Policy

The Barracuda Load Balancer supports multiple scheduling methods to determine which Real Server 
that supports a Service gets the next new connection. Each Real Server is assigned a weight, which 
indicates the proportion of the load that this Real Server will bear relative to other Real Servers.  
Weights are either calculated dynamically using 

Adaptive Scheduling

, or they are pre-assigned.  

These Real Server weights are used by the scheduling algorithm, which is either Weighted Round-
Robin or Weighted Least Connections, to determine which Real Server gets the next connection. 

Adaptive Scheduling

The  

Adaptive Scheduling

 feature polls the Real Servers frequently and assigns weights to those Real 

Servers using the information gathered.  The parameter polled may be:

CPU Load, determined by an SNMP query. In order to use this option, Real Servers must allow 
SNMP access to the public community by the Barracuda Load Balancer.

Содержание Load Balancer

Страница 1: ...Barracuda Networks Inc 3175 S Winchester Blvd Campbell CA 95008 http www barracuda com B a r r a c u d a L o a d B a l a n c e r A d m i n i s t r a t o r s G u i d e V e r s i o n 2 3...

Страница 2: ...rights reserved Use of this product and this manual is subject to license Information in this document is subject to change without notice Trademarks Barracuda Load Balancer is a trademark of Barracud...

Страница 3: ...racuda Load Balancer Terminology 16 Load Balancer Deployment Options 19 Route Path Recommended 19 Deploying Route Path 20 Bridge Path 21 Deploying Bridge Path 22 Direct Server Return 22 DSR with Route...

Страница 4: ...ing System IP Information 44 Creating Load Balanced Services 44 Creating a Service 44 Enabling Persistence 46 Session Directory or Terminal Services Integration 46 SSL Offloading 47 Uploading SSL Cert...

Страница 5: ...ll models 60 Hardware Compliance 61 Notice for the USA 61 Notice for Canada 61 Notice for Europe CE Mark 61 Appendix C Limited Warranty and License 63 Limited Warranty 63 Exclusive Remedy 63 Exclusion...

Страница 6: ...vi Barracuda Load Balancer Administrator s Guide...

Страница 7: ...roduction 7 Chapter 1 Introduction This chapter provides an overview of the Barracuda Load Balancer and includes the following topics Overview on page 8 Features of the Barracuda Load Balancer on page...

Страница 8: ...of factors to make load balancing decisions It is designed to provide comprehensive IP load balancing capabilities to any IP based application including Internet sites with high traffic requirements i...

Страница 9: ...d applications The Barracuda Load Balancer is designed to provide fast and comprehensive IP load balancing capabilities to any IP based application including HTTP HTTPS SSL SSH SMTP IMAP RDP Terminal...

Страница 10: ...with any security feature IPS is designed to complement any existing security measures not replace them The role of the Intrusion Prevention System is to eliminate any damage from an attack that mana...

Страница 11: ...ments where session persistence is required Layer 4 IP persistence provides a fast and reliable solution for most configurations including encrypted e commerce traffic and database applications The le...

Страница 12: ...ion is available on selected models SSL offloading is not available if using the Direct Server Return mode of deployment Scheduling Policy The Barracuda Load Balancer supports multiple scheduling tech...

Страница 13: ...er is easy to use A typical configuration can be performed in less than ten minutes Last Resort Server The Barracuda Load Balancer allows you to specify a Last Resort Server which is the server to whi...

Страница 14: ...14 Barracuda Load Balancer Administrator s Guide...

Страница 15: ...5 Chapter 2 Load Balancing Concepts This chapter provides an overview of the Barracuda Load Balancer and includes the following topics Barracuda Load Balancer Terminology on page 16 Load Balancer Depl...

Страница 16: ...nection to a load balanced Service It can be an external Web browser accessing your load balanced Web site or an internal user connecting to a load balanced mail server Persistence A returning connect...

Страница 17: ...anagement IP Address The IP address assigned to the Barracuda Load Balancer which is also the IP address used to access the Web interface This address must be different than the Virtual IP addresses a...

Страница 18: ...18 Barracuda Load Balancer Administrator s Guide Figure 2 2 A physical network layout using Route Path...

Страница 19: ...Recommended Route Path deployment is the most frequently used deployment method providing the most flexibility by allowing load balancing of any server in a downstream route With Route Path the WAN a...

Страница 20: ...ple networks simultaneously may break the route path If Real Servers have more than one network adapter enabled and traffic has a route around the Barracuda Load Balancer the deployment will not work...

Страница 21: ...sses With Bridge Path deployment the WAN and LAN interfaces must be on physically separate networks The LAN interface must be on the same logical switch as the servers being load balanced Despite its...

Страница 22: ...the rest of the WAN and they must specify the same gateway as the Barracuda Load Balancer Finally make sure that the Operating Mode of the Barracuda Load Balancer is set to Bridge Path on the Basic I...

Страница 23: ...gure 2 5 Direct Server Return Packet Handling DSR configuration can be more complex than the other methods of deployment Because of this it is recommended that it be used only when there is a specific...

Страница 24: ...t on the same subnet and Layer 7 features are not required use DSR See Figure 2 6 for an example of this type of layout The following table describes the advantages and disadvantages of deploying your...

Страница 25: ...vers and non DSR servers running the same Service Real Servers that are in DSR mode must be on the same subnet as the WAN If the Barracuda Load Balancer is in Route Path mode then the Real Servers tha...

Страница 26: ...and binding it to the VIP address of the load balanced Service Because this is not a true adapter there should be no gateway defined in the TCP IP settings for this adapter Real Servers accepting traf...

Страница 27: ...nternet Information Services on each Real Server The VIP addresses must be listed above the real IP address of the Real Server Associate the Web site or application with the VIP addresses Verifying DS...

Страница 28: ...28 Barracuda Load Balancer Administrator s Guide...

Страница 29: ...arted This chapter provides general instructions for installing configuring and maintaining the Barracuda Load Balancer It includes the following topics Initial Setup 30 Administrative Settings 36 Mai...

Страница 30: ...s 34 Updating the IPS Definitions 35 Creating Services 35 Preparing for Installation Before installing your Barracuda Load Balancer complete the following tasks Decide which type of deployment is most...

Страница 31: ...sole displays on the monitor and the power light on the front of the Barracuda Load Balancer turns on For a description of each indicator light refer to the section that describes the model of your Ba...

Страница 32: ...dditionally if any of the load balanced Services require access to a designated port on the Virtual IP for the Service the appropriate settings will need to be configured on your corporate firewall Ex...

Страница 33: ...lability see Creating a High Availability Environment on page 49 Go to Step 3c Enter the following information in the LAN IP Configuration section LAN IP Address The address that connects the Barracud...

Страница 34: ...w next to Latest General Release Click OK on the download duration window Updating the firmware may take several minutes Do not turn off the unit during this process Download Now is disabled if the Ba...

Страница 35: ...or Automatically Update The recommended setting is Hourly for IPS definitions 3 Check to see if the current version is the same as the latest general release If the rules are up to date proceed to the...

Страница 36: ...ace This tab is only displayed on the Barracuda Load Balancer model 440 and above Setting the Time Zone of the System The Basic Administration page allows you to set the time zone of your Barracuda Lo...

Страница 37: ...unverified certificate To avoid this warning download the Private Root Certificate and import it into each browser that accesses the Barracuda Load Balancer Web administration interface You may creat...

Страница 38: ...es Any configuration changes you want to make need to be done through the Web interface The configuration backup file contains a checksum that prevents the file from being uploaded to the system if an...

Страница 39: ...Balancer back to Barracuda Networks at the address below with an RMA number marked clearly on the package Barracuda Networks Technical Support can provide details on the best way to return the unit Ba...

Страница 40: ...oubleshooting page to help diagnose the problem Perform a system restore from the last known good backup file Contact Barracuda Networks Technical Support for additional troubleshooting tips As a last...

Страница 41: ...mote administration Initiates a connection to Barracuda Central that allows Barracuda Networks Technical Support to access the system Another method for enabling this toubleshooting connection is to c...

Страница 42: ...42 Barracuda Load Balancer Administrator s Guide...

Страница 43: ...and management tasks you can perform from the Web interface For more detailed information about a specific page in the Web interface view the online help by clicking the question mark icon on the rig...

Страница 44: ...ice and then monitor a Service and associated Real Servers Creating a Service The Basic Services page lets you create Services by binding a Virtual IP address port and one or more Real Servers As an a...

Страница 45: ...e associated Real Servers are available If you want the Barracuda Load Balancer to automatically reactivate a Real Server that was previously not available If you set the Auto Recover field to No then...

Страница 46: ...If Layer 7 HTTP Cookie is selected then enter the L7 Cookie name that contains the session data or any other connection identifiers This is typically the name of the cookie used or created by the appl...

Страница 47: ...t the SSL certificate you wish to use from the menu Specify the SSL Engine Listen Port which must differ from the port used when configuring the Service The Service will also accept non encrypted traf...

Страница 48: ...If Adaptive Scheduling is operational then the pre assigned weights are not used Otherwise if some of the Real Servers are faster or have more capacity than others you can tell the Barracuda Load Bal...

Страница 49: ...Intrusion Prevention page The Basic Intrusion Prevention page displays a list of all of the Services and whether IPS is enabled for each one To test if the IPS is working on the Barracuda Load Balanc...

Страница 50: ...h indicators In a Route Path deployment the backup Barracuda Load Balancer automatically becomes active and takes over operations if it does not receive a reply to its poll of the primary system withi...

Страница 51: ...inue to the next step 6 Refresh the Advanced High Availability page on both Barracuda Load Balancers and verify that Each system s WAN IP address appears in the Clustered Systems table The status of e...

Страница 52: ...d Between Clustered Systems Propagated Data Data Not Propagated Global system settings configured through the Administration interface Any SSL Certificates that have been installed System IP configura...

Страница 53: ...s 54 Monitoring the Health of Services The Basic Services and Basic Health pages display the health of your load balanced Service and associated Real Servers Figure 4 1 shows an example of the Health...

Страница 54: ...System Alerts The Basic Administration page allows you to configure the Barracuda Load Balancer to automatically email notifications to the addresses you specify To enter multiple addresses separate...

Страница 55: ...4 1999 ORGANIZATION Barracuda Networks Inc CONTACT INFO Barracuda Networks Inc 3175 S Winchester Blvd Campbell CA 95008 DESCRIPTION Main Barracuda MIB enterprises 20632 assigned by IANA END Barracuda...

Страница 56: ...AX ACCESS read only STATUS current DESCRIPTION The Barracuda Load Balancer s active services blb 2 systemOperatingServers OBJECT TYPE SYNTAX INTEGER MAX ACCESS read only STATUS current DESCRIPTION The...

Страница 57: ...acuda Load Balancer Hardware This appendix provides hardware information for the Barracuda Load Balancer The following topics are covered Front Panel of the Barracuda Load Balancer 58 Back Panel of th...

Страница 58: ...da Load Balancer Front Panel for models 240 340 and 440 Table B 1 Front Panel Descriptions for Barracuda Load Balancer 240 340 and 440 Diagram Location Component Name Description 1 WAN port Port for W...

Страница 59: ...40 Diagram Location Component Name Description 1 WAN port Port for WAN connection 2 LAN port Port for LAN connection 3 Reserved for future use 4 Reserved for future use 5 Traffic Blinks when the Barra...

Страница 60: ...cuda Load Balancer Back Panel Table B 3 Barracuda Load Balancer Back Component Descriptions Diagram Location Component Name Description 1 Power Supply Connection for the AC power cord standard power s...

Страница 61: ...use harmful interference to radio or television reception which can be determined by turning the equipment off and on the user in encouraged to try one or more of the following measures Reorient or re...

Страница 62: ...62 Barracuda Load Balancer Administrator s Guide...

Страница 63: ...warranty extends only to you the original buyer of the Barracuda Networks product and is non transferable Exclusive Remedy Your sole and exclusive remedy and the entire liability of Barracuda Network...

Страница 64: ...USING THE BARRACUDA SOFTWARE BY USING THE BARRACUDA SOFTWARE YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS LICENSE IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE DO NOT USE THE SOFTWARE IF YOU D...

Страница 65: ...ECESSARY SERVICING REPAIR OR CORRECTION 6 License YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT YOU WILL PROVIDE AN UNLIMITED ZERO COST LICENSE TO BARRACUDA FOR ANY PATENTS OR OTHER INTELLECTUAL PROPERTY R...

Страница 66: ...ustomer may have paid Barracuda Networks the required license fee and Customer s use of the Energize Update Software shall also be limited as applicable and set forth in Customer s purchase order or i...

Страница 67: ...reasonable security measures to protect and maintain the confidentiality of such trade secrets and copyrighted material Title to Energize Update Software and documentation shall remain solely with Bar...

Страница 68: ...SING FROM A COURSE OF DEALING LAW USAGE OR TRADE PRACTICE ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED SUCH WARRANTY IS LIMITED IN D...

Страница 69: ...o know that what they have is not the original so that any problems introduced by others will not reflect on the original authors reputations Finally any free program is threatened constantly by softw...

Страница 70: ...lude anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless that componen...

Страница 71: ...R INABILITY TO USE THE PROGRAM INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY O...

Страница 72: ...provided with the distribution The name Carnegie Mellon University must not be used to endorse or promote products derived from this software without prior written permission For permission or any oth...

Страница 73: ...our own attribution notices within Derivative Works that You distribute alongside or as an addendum to the NOTICE text from the Work provided that such additional attribution notices cannot be constru...

Страница 74: ...her express or implied See the License for the specific language governing permissions and limitations under the License Source Code Availability Per the GPL and other open source license agreements t...

Страница 75: ...agnostic memory test 41 Direct Server Return 16 22 26 E Energize Updates 39 F failed system replacing 39 firewall configuring 32 Firmware Update page 38 front panel details 58 H hardware compliance in...

Страница 76: ...ion 12 shutting down the system 39 SSL Certificates 47 SSL Offloading 47 SSL Offloading configuring 47 Status page 54 subscription activating 35 status 34 T Task Manager page 54 TCP ports 32 testing m...

Отзывы:

Нет отзывов

Похожие инструкции для Load Balancer

ABB RELION REF615R Manual preview
RELION REF615R
Бренд: ABB Страницы: 66
Maco Standard Fitting Instructions Manual preview
Standard
Бренд: Maco Страницы: 38
TC Electronic M300 Service Manual preview
M300
Бренд: TC Electronic Страницы: 2
D-Link NetDefend DFL-260E Reference Manual preview
NetDefend DFL-260E
Бренд: D-Link Страницы: 328
D-Link ShareCenter Pulse DNS-320 Quick Install Manual preview
ShareCenter Pulse DNS-320
Бренд: D-Link Страницы: 2
D-Link DFL-210 - NetDefend - Security Appliance Firewall Registration Manual preview
DFL-210 - NetDefend - Security Appliance
Бренд: D-Link Страницы: 19
D-Link DFL-M510 Faq preview
DFL-M510
Бренд: D-Link Страницы: 22
D-Link DFE-680TX Quick Install Manual preview
DFE-680TX
Бренд: D-Link Страницы: 4
Dahua N300 Quick Start Manual preview
N300
Бренд: Dahua Страницы: 12
D-Link NetDefend DFL-1600 Quick Manual preview
NetDefend DFL-1600
Бренд: D-Link Страницы: 23
ZETR 25 Installation Manual preview
25
Бренд: ZETR Страницы: 2
CallDirect CD Series At Command Manual preview
CD Series
Бренд: CallDirect Страницы: 33
Magnat Audio MC 200 Faq preview
MC 200
Бренд: Magnat Audio Страницы: 2
Dahua DHI-NVR5224-24P-4KS2 Quick Start Manual preview
DHI-NVR5224-24P-4KS2
Бренд: Dahua Страницы: 24
H3C SR8800 IM-FW-II Command Reference Manual preview
SR8800 IM-FW-II
Бренд: H3C Страницы: 107
3Com MSR 50 Series Safety Information Manual preview
MSR 50 Series
Бренд: 3Com Страницы: 12
H3C S9500 Series Operating Manual preview
S9500 Series
Бренд: H3C Страницы: 16
H3C H3C S3600 Series Datasheet preview
H3C S3600 Series
Бренд: H3C Страницы: 10

Бренды по названию

Популярные бренды

Загрузить еще бренды