Novell Access Manager and Zeus ZXTM LB



By: jeremybrown

March 3, 2009 4:23 pm


Introduction
Create Session Persistence Classes
Create Monitor
Create Pool
Create Virtual Server
Create Traffic Manager
Conclusion

Introduction

These two products work well together, and the setup is simple enough that you don't have to sweat the L4 configuration. The items are created in the order in which the system needs them. The benefit of this software L4 is that it runs on standard hardware, which can be upgraded if you need it to run faster. The connections are actually L7, so the servers don't all need to be on the same switch or segregated on different ports, as some hardware L4 switches require. They just need a network connection between them, which is much more flexible.

The software L4 was able to keep up with the hardware switches when I used faster hardware: 4 cores and 8 GB of RAM with the NICs teamed. Monitor the bandwidth, because that seemed to be the first thing that ran out when I started my tests.

The high availability was also pretty slick: it allowed me to switch between the machines if one failed. I don't go into the specifics of high availability here; instead I focus on ZXTM LB working with Novell Access Manager.

Here are the details of my configuration, which I will reproduce in the steps below. I set it up using ports 8080 and 8443 on the IDP, but the software L4 can handle this through ports 80 and 443 if you prefer.

TEN
Gateway Cluster
Virtual IP address 192.168.0.10
Domain: ten.com
Servers 192.168.0.11, 192.168.0.12
Ports 80, 443
Health Check

TWENTY
Identity Server Cluster
Virtual IP address 192.168.0.20
Domain: twenty.com
Servers 192.168.0.21, 192.168.0.22
Ports 8080, 8443
Health Check

Create Session Persistence Classes

The first step is to create the Session Persistence Classes that will be used later in the setup. To show how it is done, we create two secure classes and two insecure classes. You also have the option of creating one IP-based persistence class and using it for the whole cluster; that decision is easy to change later, once everything is set up. The SSL session ID and the jsession ID are best for testing the clusters internally before they go live.

Catalogs (Button)->Persistence (Tab)

Create New Session Persistence Class

Name: Ten-http
Click: Create
Choose J2EE session persistence
Click: Update

Name: Ten-ssl
Click: Create
Choose SSL Session ID Persistence
Click: Update

Name: Twenty-http
Click: Create
Choose J2EE session persistence
Click: Update

Name: Twenty-ssl
Click: Create
Choose J2EE session persistence
Click: Update

Create Monitor

The next step is to create the monitors that each cluster needs. It is important to create both HTTP and SSL monitors if you have both enabled; otherwise you could lose your HTTP connections when SSL is disabled while you are testing. It is okay to configure HTTP even if you aren't going to use it right now. You can always disable it when you decide you don't need it. To clarify the terminology: a node is one of the servers in a cluster.

Catalogs (Button)->Monitors (Tab)

Create a new monitor for Ten on the http port.

Name: Ten-http
Type: HTTP monitor
Scope: monitor each node separately.
Click: Add Monitor

The next screen shows the actual Monitor settings for Ten-http. Adjust the timeout to a value that matches the max_reply_time in the Pools. I chose 10 seconds in this case.

Timeout: 10
use_ssl: No
host_header: ten.com
path: /nesp/app/heartbeat
body_regex: Success
Click: Update

Create a new monitor for Ten on the ssl port.

Name: Ten-ssl
Type: HTTP monitor
Scope: monitor each node separately.
Click: Add Monitor

The next screen shows the actual Monitor settings for Ten-ssl. Adjust the timeout to a value that matches the max_reply_time in the Pools. I chose 10 seconds in this case.

Timeout: 10
use_ssl: Yes
host_header: ten.com
path: /nesp/app/heartbeat
body_regex: Success
Click: Update

Create a new monitor for Twenty on the http port.

Name: Twenty-http
Type: HTTP monitor
Scope: monitor each node separately.
Click: Add Monitor

The next screen shows the actual Monitor settings for Twenty-http. Adjust the timeout to a value that matches the max_reply_time in the Pools. I chose 10 seconds in this case. You do not set the port in this section; the port comes from the virtual server of the same name.

Timeout: 10
use_ssl: No
host_header: twenty.com
path: /nidp/app/heartbeat
body_regex: Success
Click: Update

Create a new monitor for Twenty on the ssl port.

Name: Twenty-ssl
Type: HTTP monitor
Scope: monitor each node separately.
Click: Add Monitor

The next screen shows the actual Monitor settings for Twenty-ssl. Adjust the timeout to a value that matches the max_reply_time in the Pools. I chose 10 seconds in this case. You do not set the port in this section; the port comes from the virtual server of the same name.

Timeout: 10
use_ssl: Yes
host_header: twenty.com
path: /nidp/app/heartbeat
body_regex: Success
Click: Update
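
To see what these monitor settings amount to on the wire, the sketch below probes one node at a time with the configured host_header, path, body_regex and timeout. It is an added example, not part of the original article and not Zeus or Novell code; treating any status other than 200 as a failure, verifying the certificate against host_header on the SSL probe, and the FakeHeartbeat test server are assumptions of this sketch.

```python
import http.client
import re
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(node, port, host_header, path, body_regex="Success", use_ssl=False, timeout=10):
    """Check one node as the monitor settings describe; return (ok, detail)."""
    conn = http.client.HTTPConnection(node, port, timeout=timeout)
    try:
        if use_ssl:  # dial the node IP, verify its cert for host_header (this sketch's choice)
            raw = socket.create_connection((node, port), timeout=timeout)
            conn.sock = ssl.create_default_context().wrap_socket(raw, server_hostname=host_header)
        conn.putrequest("GET", path, skip_host=True)
        conn.putheader("Host", host_header)
        conn.endheaders()
        resp = conn.getresponse()
        body = resp.read(65536).decode("utf-8", "replace")
    except (OSError, http.client.HTTPException) as exc:
        return False, f"no reply: {type(exc).__name__}"
    finally:
        conn.close()
    if resp.status != 200:  # assumption: anything but 200 counts as down
        return False, f"HTTP {resp.status}"
    if not re.search(body_regex, body):
        return False, "body_regex not matched"
    return True, "ok"

class FakeHeartbeat(BaseHTTPRequestHandler):  # constructed stand-in for a gateway node
    def do_GET(self):
        ok = self.headers.get("Host") == "ten.com" and self.path == "/nesp/app/heartbeat"
        self.send_response(200 if ok else 404)
        self.end_headers()
        self.wfile.write(b"Success" if ok else b"Not Found")

def demo():
    srv = HTTPServer(("127.0.0.1", 0), FakeHeartbeat)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port, path = srv.server_address[1], "/nesp/app/heartbeat"
    results = {
        "ten-http": probe("127.0.0.1", port, "ten.com", path),
        "wrong-host": probe("127.0.0.1", port, "twenty.com", path),
        "node-down": probe("127.0.0.1", 1, "ten.com", path, timeout=2),
    }
    srv.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```

Against the real clusters, the equivalent call for the Ten-ssl monitor would be `probe("192.168.0.11", 443, "ten.com", "/nesp/app/heartbeat", use_ssl=True)`, repeated for each node in the pool.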

Create Pool

This section is where we create the pools of servers that will be assigned to each virtual server. There are many options that we are not using here; we configure only the features that are required for our product.

Services (Button)->Pools (Tab)

Create a new Pool for Ten-http

Pool Name: Ten-http
Nodes: 192.168.0.11:80,192.168.0.12:80
Monitor: Ten-http
Click: Create Pool

Once the creation has finished, you will be inside the pool Ten-http. The first item to configure is the load balancing, so click on Load Balancing and choose Round Robin. There are other options that will improve or decrease your performance, so choose the one that works best for your environment.

Click on Load Balancing

Load_balancingalgorithm: Round Robin
Click: Update

Click Back on Ten-http in the Tab to return to the original screen.

Click on Session Persistence

persistence: Ten-http
Click: Update

Click Back on Ten-http in the Tab to return to the original screen.

Click on Connection Management

max_reply_time: 10
Click: Update

Click on Pools in the Tab to return where you need to create a new pool.

Create a new Pool for Ten-ssl

Pool Name: Ten-ssl
Nodes: 192.168.0.11:443,192.168.0.12:443
Monitor: Ten-ssl
Click: Create Pool

Once the creation has finished, you will be inside the pool Ten-ssl. The first item to configure is the load balancing, so click on Load Balancing and choose Round Robin. There are other options that will improve or decrease your performance, so choose the one that works best for your environment.

Click on Load Balancing

Load_balancingalgorithm: Round Robin
Click: Update

Click Back on Ten-ssl in the Tab to return to the original screen.

Click on Session Persistence

persistence: Ten-ssl
Click: Update

Click Back on Ten-ssl in the Tab to return to the original screen.

Click on Connection Management

max_reply_time: 10
Click: Update

Click on Pools in the Tab to return where you need to create a new pool.

Create a new Pool for Twenty-http

Pool Name: Twenty-http
Nodes: 192.168.0.21:8080,192.168.0.22:8080
Monitor: Twenty-http
Click: Create Pool

Once the creation has finished, you will be inside the pool Twenty-http. The first item to configure is the load balancing, so click on Load Balancing and choose Round Robin. There are other options that will improve or decrease your performance, so choose the one that works best for your environment.

Click on Load Balancing

Load_balancingalgorithm: Round Robin
Click: Update

Click Back on Twenty-http in the Tab to return to the original screen.

Click on Session Persistence

persistence: Twenty-http
Click: Update

Click Back on Twenty-http in the Tab to return to the original screen.

Click on Connection Management

max_reply_time: 10
Click: Update

Click on Pools in the Tab to return where you need to create a new pool.

Create a new Pool for Twenty-ssl

Pool Name: Twenty-ssl
Nodes: 192.168.0.21:8443,192.168.0.22:8443
Monitor: Twenty-ssl
Click: Create Pool

Once the creation has finished, you will be inside the pool Twenty-ssl. The first item to configure is the load balancing, so click on Load Balancing and choose Round Robin. There are other options that will improve or decrease your performance, so choose the one that works best for your environment.

Click on Load Balancing

Load_balancingalgorithm: Round Robin
Click: Update

Click Back on Twenty-ssl in the Tab to return to the original screen.

Click on Session Persistence

persistence: Twenty-ssl
Click: Update

Click Back on Twenty-ssl in the Tab to return to the original screen.

Click on Connection Management

max_reply_time: 10
Click: Update

You are now finished creating the pools.

Create Virtual Server

The virtual server is where the pool is given a port number and assigned a protocol.

Services (Button)->Virtual Servers (Tab)

Create a new Virtual Server
Virtual Server Name: Ten-http
protocol: HTTP
port: 80
Default Traffic Pool: Ten-http

For now, leave it listening on the default of all IP addresses. We will assign the Traffic IP Groups to the virtual server as soon as they are created.

Create a new Virtual Server
Virtual Server Name: Ten-ssl
protocol: SSL (HTTPS)
port: 443
Default Traffic Pool: Ten-ssl

For now, leave it listening on the default of all IP addresses. We will assign the Traffic IP Groups to the virtual server as soon as they are created.

Create a new Virtual Server
Virtual Server Name: Twenty-http
protocol: HTTP
port: 8080
Default Traffic Pool: Twenty-http

For now, leave it listening on the default of all IP addresses. We will assign the Traffic IP Groups to the virtual server as soon as they are created.

Create a new Virtual Server
Virtual Server Name: Twenty-ssl
protocol: HTTP
port: 8443
Default Traffic Pool: Twenty-ssl

For now, leave it listening on the default of all IP addresses. We will assign the Traffic IP Groups to the virtual server as soon as they are created.

Create Traffic Manager

This is where we set up the virtual IP addresses on the server so that they can be handled by the Load Balancer. For this to work, the network card must already have an IP address configured in the range where you want to use the Virtual IP.

Service (Button) > Traffic IP Groups (Tab)

Create a new Traffic IP Group

Name: Ten-ip
Traffic Managers: Add existing box
IP addresses: 192.168.0.10
Click: Create Traffic IP Group

The next step is to add this traffic manager to the virtual server we had created previously for Ten-http.

Service (Button) > Virtual Servers (Tab)

Click on edit for the Ten-http virtual server.

Listening on: Traffic IP Groups

The screen will refresh then choose the next option.

Select Traffic IP Group: Ten-ip
Click: Update

The next step is to add this traffic manager to the virtual server we had created previously for Ten-ssl.

Service (Button) > Virtual Servers (Tab)

Click on edit for the Ten-ssl virtual server.

Listening on: Traffic IP Groups

The screen will refresh then choose the next option.

Select Traffic IP Group: Ten-ip
Click: Update

The next step is to add this traffic manager to the virtual server we had created previously for Twenty-http.

Service (Button) > Virtual Servers (Tab)

Click on edit for the Twenty-http virtual server.

Listening on: Traffic IP Groups

The screen will refresh then choose the next option.

Select Traffic IP Group: Twenty-ip
Click: Update

The next step is to add this traffic manager to the virtual server we had created previously for Twenty-ssl.

Service (Button) > Virtual Servers (Tab)

Click on edit for the Twenty-ssl virtual server.

Listening on: Traffic IP Groups

The screen will refresh then choose the next option.

Select Traffic IP Group: Twenty-ip
Click: Update

Conclusion

At this point you have completed the setup for the software L4. Now click on the Home button to start the virtual servers individually. Any errors will show up on the main page (first link, top left); click on the red sign to display the problem so that you can fix it.


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.
