KEMP Technologies Presentation Slide

KEMP Technologies
A Company And Product Presentation
Agenda
 Introduction
 Load Balancing Fundamentals
 LoadMaster Base Setup
 Core Load Balancing Features
 Transparency & Topologies
 Loadmaster HA Setup
 Advanced Features
 Application Specific Aspects
 Troubleshooting
 Tips & Tricks
 Summary
Introducing KEMP

Established in year 2000
 Pioneered “Affordable” Load Balancing & ADC
 Global HQ in New York; EMEA HQ Ireland, Sales Germany
 US & EMEA based Tech Support, Available 7 X 24
 Specialize in Load Balancing and ADC
 Consistent Growth
 Technology partnerships with Microsoft, Dell & VMWare
 100% Channel Focused
What is “Server Load Balancing”
and Why Do We Need It?
Sample Problems / KEMP Solution
Problem # 1
Server and Application Availability
[Diagram: Internet connected to a single Web/Application Server; in the second panel the link between them is marked X]
Problem # 2
Performance & Scalability
As the number of user requests grows…
Web/Application Server: “Wait! I Can’t Keep UP!”
[Diagram: Internet connected to a single Web/Application Server]
Problem # 3
Security
Install SSL & IPS On Server
Web/Application Server: “Wait! I Can’t Keep UP!”
[Diagram: Internet connected to a single Web/Application Server, before and after SSL & IPS are installed on the server]
Options ?
Add another server with DNS Round Robin?
[Diagram: Internet, DNS Round Robin, Network Infrastructure; Public-Facing IPs 10.0.20.5 and 10.0.20.6]
Add another server with DNS Round Robin?
[Diagram: same setup with one server marked X; the client receives “Error 404 Page Not Found”]
[Diagram: Internet; Public VIP 10.0.20.5; Server Farm on Private IPs 192.168.0.2, 192.168.0.3, 192.168.0.4]
Server & Application Health Checking
Increased Performance & Scalability
Improved Management and Administration
LoadMaster automatically detects server and application failures and dynamically re-routes user requests to other, available servers.
[Diagram: same topology with one server marked X]
[Diagram: same topology with four X marks; the client receives “Error 404 Page Not Found”]
High Availability with Stateful Failover
[Diagram: Active and Hot Standby units on Public VIP 10.0.20.5, in front of the Server Farm on Private IPs 192.168.0.2, 192.168.0.3, 192.168.0.4]
[Diagram: same topology with an X mark at the Active unit]
[Diagram: same topology with units labelled Active and Out of Service, and an X mark]
Layer 4 and Layer 7
Layer 4 Load balancing:
Layer 4 load balancing is based on source IP address persistence and TCP connection health checking.
• But what about NAT?
• What if my server is accepting connections on a port but the service is actually down?
Layer 7 Load balancing:
Layer 7 load balancing provides many more capabilities, for example:
• L7 Based Persistence
• Application Health Checking
• Content Switching
Loadmaster Setup
& WUI Overview
Setup & Installation
 Connecting to the Loadmaster
 Licensing
 Network Setup
 Update Firmware
Connecting to the Loadmaster
Via Web User Interface
• Loadmaster’s default IP address is: 192.168.1.101
• Virtual Loadmaster will use DHCP to get an IP address
• Browse to https://192.168.1.101
• Accept the Certificate and you will be prompted for a license code
Connecting via Serial Cable
• Use terminal emulation software
• Use VT-100 Emulation
• 115200bps
• 8 data bits
• Parity: None
• 1 stop bit
• Hardware Flow Control
Licensing
License Key Prompt
 Note: KEMP EMEA ships all units with a license key applied so this step
can be overlooked in most cases.
 For Virtual Loadmasters you will need to perform this step. Contact
KEMP Technologies and quote the Serial Number and Access Code
 Access Codes are based on MAC-Addresses so licenses cannot be
moved between Virtual Machines.
Network Setup
 Once the Loadmaster is licensed, the Quickstart Menu will run
and will ask for the following information
 ETH0 IP Address
 ETH1 IP Address
 Hostname
 Nameservers
 Search Domains
 Default Gateway
 Reboot the LoadMaster to apply the changes.
Obtaining Loadmaster Firmware
• To identify the latest version of firmware on general
release visit the news section on our forums.
http://forums.kemptechnologies.com
• Contact KEMP support on
emeasupport@kemptechnologies.com and request a link
to download the firmware.
Updating Loadmaster Firmware
• Go to System Configuration ->
http://forums.kemptechnologies.com
• Contact KEMP support on
emeasupport@kemptechnologies.com and request a link
to download the firmware.
The Web User Interface - WUI
• Connect to the WUI via https://IPADDRESS for all
configuration options.
• Overview of the WUI.
Core Load Balancing Features
Scheduling
Scheduling & Balancing Methods
• Round Robin
• Weighted Round Robin
• Least Connection
• Weighted Least Connection
• Fixed weighting
• Weighted response time
[Diagram: Internet, Server 1, Server 2]
Server Resource Load Balancing
Agent, Adaptive Balancing Methods
• CPU Utilization
• Memory (RAM) Available
• Number of Active Users
• Any Perfmon Stat.
[Diagram: Internet; Next Request; Server 1 at CPU=75%, Server 2 at CPU=72%]
Server Health-checking
Real Server Check Parameters:
 ICMP: Verify that the Server is contactable from the Loadmaster
 TCP Connection Only: Verify that the Loadmaster can connect to the
Real Server on the specified port
 HTTP/HTTPS: Waits for a valid response from the Webserver, i.e. 200
OK
 Mail (SMTP)/IMAP/POP3: Waits for a valid response from the Mail
Server, i.e. 220 SMTP Service Ready
Source IP-based Server Persistence
Issues with Source-IP Persistence ?
[Diagram: Internet; requests 1, 2, 3; Server 1 holding Shopping Data For User 1; Server 2]
L7 Server Persistence
• Super HTTP: User Agent + Authorization Header
• URL Hash: Same URL = Same Server
• Hash of HTTP Query Item: Same HTTP Request Parameter = Same Server
[Diagram: Internet; requests 1, 2, 3; Server 1 holding Shopping Data For User 1; Server 2]
Load Balancing Decision Process
• Server/Application Health Check
• Persistence
• Load Balance
[Diagram: Internet, Server 1, Server 2]
Virtual Service Setup
 Create a Virtual Service
 Set up Health-checking for the Virtual Service
 Configure Persistency Options
 Configure Scheduling Method.
 Add Real Servers
Topologies & Transparency
Topologies
 In General, configurations can be broken down
into 1-arm and 2-arm configurations
 Since 1-arm and 2-arm is a distinction on a
virtual service basis, Loadmasters can house
combinations of 1-armed and 2-armed Virtual
Services
1-armed Configuration
In 1-armed configurations, the VS and RS are on the same network
2-armed Configuration
In 2-armed configurations, the VS and RS are on different networks
Transparency
 Transparency is a major factor when planning a Loadmaster Deployment
 Transparency – LoadMaster will pass along the original source IP address of the
Client.
 Non-Transparency – LoadMaster will NAT the address so the source IP address
appears to be the LoadMaster
 Transparency can be important for logging purposes, but may cause virtual
services to respond improperly.
Transparency
Transparent
Pro:
• Preserves source IP
• Works with L4 and L7
Con:
• No VS access for clients on the same subnet as RS
• RS Gateway MUST be LoadMaster
Non-Transparent
Pro:
• VS access for clients on same subnet as RS
• RS Gateway does not need to change
• Non-local RS support
Con:
• Source IP is not preserved (Headers can be inserted to report original source IP)
Transparency
 All Layer 4 traffic is transparent
 Traffic at Layer 7 can be either
 Non-Transparency is almost always easier, unless
there is a requirement to see the source IP address.
 Non-Transparent mode will often fix routing and
traffic flow issues
Traffic Restrictions
 Two Examples of configurations that will NOT work

1-armed, Transparent, Clients on same subnet

2-armed, Transparent, RS’s gateway isn’t the LoadMaster.
 Traffic must flow back to the Loadmaster
unless…
Direct Server Return
 DSR mode is an uncommon configuration
 DSR will be covered in our
“Advanced Technical Training Webinar”
Loadmaster HA Setup
High Availability
 HA creates a pair of Loadmasters acting as one logical
device
 Loadmasters must be located on the same subnet in order
to be in a HA Pair
 Active/Standby
 Only one unit is ever handling traffic at a particular moment
HA Components
HA Check
• Keeps updated on health of the partner
• Governs whether LoadMaster will take the active role
HA Updates
• Keeps LoadMaster up to date with changes made to virtual services
• Notable exceptions: Time, Passwords
Multicast
• Keeps the standby LoadMaster updated on persistence updates
• Allows LoadMaster to seamlessly pick up in failovers (Optional)
HA Network Setup
Addressing:
An HA pair requires a minimum of 3 IP addresses
 HA1 - Local HA1 administration
 HA2 – Local HA2 administration
 HA Shared – Management Interface, also used for routing.
HA Setup & Settings
 HA Configuration
 HA Settings
Advanced Features
SSL
Encryption/Decryption
Web Server Responsibilities
• Key Exchange
• Setup/Teardown SSL
• Bulk Encrypt/Decrypt
• Manage Multiple SSL Certificates
• Serve Web Content
• SSL on servers is expensive
SSL = 55% Performance Hit
[Diagram: Internet, Server 1, Server 2; labels HTTPS://, TPS]
SSL
Encryption/Decryption
Offload and Accelerate
• Key Exchange
• Setup/Teardown SSL
• Bulk Encrypt/Decrypt
• Manage Single SSL Certificates
• Enables L7 Persist. with SSL
100 – 10,000 SSL TPS
[Diagram: Internet, Server 1, Server 2; labels HTTPS://, SSL ASIC, HTTP://, L7 Persistence]
Application Acceleration
Normal Load-Balanced Traffic Flow
Every request received by the Load Balancer is forwarded to a Server
[Diagram: Internet and servers 1, 2, 3]
Application Acceleration
GZip Compression Enabled
More Web-side Bandwidth available to serve more user requests
[Diagram: Internet and servers 1, 2, 3]
Application Acceleration
Caching Feature Enabled
Cached Content
More Farm-side Bandwidth available to serve more user requests.
[Diagram: Internet and servers 1, 2, 3]
Application Acceleration
Optimized Cache/Compression Enabled
Content is pre-fetched and pre-compressed, optimizing both ends.
[Diagram: Internet and servers 1, 2, 3]
Content Switching
[Diagram: Internet; requests for www.mysite.com/shopping and www.mysite.com/multi-media]
“Open”, SNORT-rule compatible IPS
KEMP IPS Engine
SNORT-Rules available through:
• Sourcefire
• Open-source
• Write your own
Log
Block
Block+Log
“Starter” rule-set included
[Diagram: Internet and servers 1, 2, 3]
Reverse SSL
Encryption between LoadMaster and Real Server
• Security
• Setup issues (SSL links in Web app - Exchange 2010!)
Application Specific Aspects
Application Delivery Infrastructure
Internet
intranet
Web Front-End Servers
(Browser Access to Apps)
Application Servers
With Integrated LB/Clustering
Back-end Database Servers
With Integrated Clustering
Oracle
MS SQL
MySQL
DB2
Citrix
ERP/SAP
Exchange
BEA/Weblogic
Notes/Domino
OLAP
Any Intranet
Applications
Internet
Web Servers & Intranet Apps,
Incl. Sharepoint
MS Terminal,
Citrix Servers
Virtualized Servers
Others, incl ERP, CRM,
Legacy Applications
Mail & Messaging Servers – incl. Exchange & Lync/OCS
Application Specific Aspects
 Microsoft Exchange 2010
 Windows Terminal Services
 Web Services & Sharepoint
 Lync & OCS
Microsoft Exchange 2010
KEMP LoadMasters offer performance, security and functional advantages for all
of the messaging applications and protocols used by Exchange 2010.
Microsoft Exchange 2010
Exchange Virtual Services:
 Virtual Service per Exchange Service
 Consolidated HTTP/HTTPS Service
http://www.kemptechnologies.com/documentation
WTS Deployments
• WTS Health Checking
• Session Directory Support
• L7 Persistence
• Resource-Based LB Agent
[Diagram: Internet; Internal Remote Desktop Users and Thin Clients on the intranet; WTS Server Farm; Session Directory / Session Broker]
WTS Health Checking
The LoadMaster initiates an RDP session request with a target WTS Server and looks for a “positive” response.
The LoadMaster’s ability to provide Layer 7 health checking for RDP protocol ensures that client requests are only sent to servers that are able to establish a valid RDP session.
[Diagram: Internet; Internal Remote Desktop Users and Thin Clients; WTS Server Farm; Session Directory / Session Broker]
Support for TS Session Directory
Step 1: Initial request is load balanced according to pre-configured LB algorithm (e.g. Round Robin) and sent to WTS Server #4.
Step 2: WTS server queries Session Directory for existing client session info.
Step 3: If an existing connection is found (e.g. on server #1), the Session Directory service passes a “Routing Token” to the “Client” for inclusion in the subsequent request.
Step 4: The LoadMaster will detect the presence of a “Routing Token” and forward the subsequent request to Server 1.
Benefits
The LoadMaster’s Integration with WTS Session Directory Service enables Session-based persistence for reliably re-connecting dropped sessions and roaming WTS users.
[Diagram: RDP Clients; WTS servers 1, 2, 3, 4; Session Directory / Session Broker]
Layer 7 RDP Persistence
With L7 WTS Persistence Built-In, the LoadMaster can store the RDP client login/session info and use it to provide Session Reconnection without the need for MS Session Directory Service.
Building a redundant, high-availability Session Directory Server infrastructure is not required with LoadMaster’s WTS persistence feature.
[Diagram: Step 1; WTS servers 1, 2, 3, 4; Session Directory / Session Broker]
Connection-based Load Balancing
All servers have equal # of RDP Connections
[Diagram: Financial Analyst and Light Office User sessions on servers 1, 2, 3, 4; one server at 80% CPU Utilization = Slow, another at 20% CPU Utilization = Wasted Capacity]
Resource-based Load Balancing
Resource-based LB
• CPU Utilization
• Memory Available
• I/O performance
• Any “perfmon” stats
• Custom Script support
LoadMaster Adaptive Agent resides on Windows Servers, providing resource-based utilization stats to LoadMaster for load balancing decisions.
[Diagram: Financial Analyst and Light Office User sessions on four servers, each at 40% CPU, with 20, 10, 30 and 15 connections]
Resource-based load balancing achieves better user experience by distributing requests to better-performing servers
Web Services & Sharepoint
 Web Service Setup – http/https
 Sharepoint – “Just another web service”
Lync Server/ OCS
Load Balancing Microsoft Lync Server
Option 1: MS “DNS Load Balancing”
• http://technet.microsoft.com/en-us/library/ff755052.aspx
• Not for Edge Deployment
Option 2: Multiple Ports in one VS
Troubleshooting
Backup & Log Files
 Log Files:
 Debug Options:
 Backup Viewer:
 http://www.kemptechnologies.com/viewer
TCP Trace
TCP Trace:
 A TCP trace can be performed on any interface, IP Address or port
number to assist in troubleshooting. Once the trace is completed
it can be easily downloaded and opened in Wireshark.
 More Advanced traces can be performed via the console, for
instance an ICMP trace.
Tips & Tricks
Tips & Tricks
Per Virtual Service:
• Transparency – Try “L7 Transparency Disabled”
• Health check – Try “Rolling back” the health check
• Persistence: Timeout + Cookie name
Global Settings:
• No SNAT for One-Armed Setup!
• External Syslog server
Tips & Tricks
HA Settings:
• Use Virtual MAC (not for VLM!)
• Activate Stateful L4/L7 connections
• Change HA ID
Backup:
• Remember to back up SSL certificates, too!
Summary
Key LoadMaster Features & Benefits
Feature: Distribute application/user requests to best-performing server
Benefit: Ensures each user gets the best application experience possible
Feature: Active/Hot-Standby, with Stateful Failover
Benefit: Provides 99.999% high-availability of application servers and removes SLB as single point of failure
Feature: Server Hardware and Application Health Checking
Benefit: Guarantees user requests will be directed to only “available” servers AND “available” applications.
Feature: Layer 4/7 Persistence
Benefit: Ensures that users maintain continuous connections with the specific server where “their” transactional data is available – even if the IP address changes during session
Feature: Layer 7 Content Switching
Benefit: Enables site administrators to optimize server traffic according to content type (images, multi-media, apps)
Feature: SSL Acceleration/Offload in ASIC
Benefit: Optimized server performance and user experience for encrypted application content
Feature: Compression, Cache
Benefit: Reduces latency associated with internal network while further optimizing performance over existing ISP link
Feature: Intrusion Prevention Systems (IPS)
Benefit: Helps thwart application-level threats, even with SSL-encrypted traffic
LoadMaster Model Matrix
Feature                            LM-2200      LM-2600      LM-3600      LM-5500
Gigabit LAN Interfaces             4            4            8            18
Servers/Virtual Clusters (VIPs)    1000/256     1000/500     1000/1000    1000/1000
Max. L4 Throughput                 <1Gbps       1.7Gbps      3.4Gbps      6Gbps
Max L7 Throughput                  <1Gbps       1.5Gbps      2.9Gbps      5Gbps
SSL TPS (ASIC)                     200          2,000        5,000        10,000
Concurrent Connections             1,000,000    2,000,000    4,000,000    30,000,000
Requests/Second (HTTP)             25K          69K          77K          100K
Form Factor                        1U           1U           1U           2U
Power Supply                       Single       Single       Single       Redundant (Hot Swap)
For Active/Hot-Standby configuration, order quantity 2 (two), HA License at No Extra Cost
Resources & Contacts
Contacts:
Resources:

www.kemptechnologies.com/documentation

www.kemptechnologies.com/try - VLM Download

forums.kemptechnologies.com - Community Forums

www.loadbalancerblog.com (or .de) – Blogsite

Exchange Sizing Tool – Identify correct LM for Exchange