Inclusions Content Barracuda Load Balancer ADC PDF

234 Pages·2014·7.34 MB·English

1. _Inclusions Library
  1.1 _Inclusions Content
2. Barracuda Load Balancer ADC - Overview
  2.1 Deployment
    2.1.1 Deployment Requirements
    2.1.2 Choosing Your Deployment Mode and Service Types
      2.1.2.1 One-Armed Using a TCP Proxy, UDP Proxy, or Layer 7 Service
      2.1.2.2 TCP Proxy, UDP Proxy, or a Layer 7 Service
      2.1.2.3 Two-Armed Using TCP Proxy, UDP Proxy, or a Layer 7 Service
      2.1.2.4 Two-Armed with Layer 4 Load Balancing
    2.1.3 Direct Server Return Deployment
      2.1.3.1 Deploying DSR in a Microsoft Windows Server 2003 or 2008 Environment
      2.1.3.2 Deploying DSR in a Linux Environment
      2.1.3.3 Deploying DSR in Windows XP Environment
    2.1.4 Virtual Deployment
      2.1.4.1 Hypervisor Compatibility and Deployment - OVF Package
      2.1.4.2 Hypervisor Compatibility and Deployment - VMX Package
      2.1.4.3 Hypervisor Compatibility and Deployment - XVA Package
      2.1.4.4 Barracuda Load Balancer ADC Vx Quick Start Guide
      2.1.4.5 Sizing CPU, RAM, and Disk for Your Barracuda Load Balancer ADC Vx
      2.1.4.6 Backing Up Your Virtual Machine System State
    2.1.5 Public Cloud Hosting
      2.1.5.1 Amazon Web Services
        2.1.5.1.1 Barracuda Load Balancer ADC Vx Deployment and Quick Start Guide for Amazon Web Services
        2.1.5.1.2 Configuring Services on the Barracuda Load Balancer ADC Vx for Amazon Web Services
        2.1.5.1.3 Creating a Link Bond on the Barracuda Load Balancer ADC Vx for Amazon Web Services
        2.1.5.1.4 Troubleshooting the Barracuda Load Balancer ADC Vx on Amazon Web Services
  2.2 Getting Started
    2.2.1 Install the Barracuda Load Balancer ADC Appliance
    2.2.2 Open Firewall Ports
    2.2.3 Activate and Update the Barracuda Load Balancer ADC
    2.2.4 Configure Your Network and Services
  2.3 Application Deployment Guides
    2.3.1 Microsoft Exchange Server 2010 Deployment
      2.3.1.1 How to Deploy Microsoft Exchange Server 2010 in a One-Armed Configuration
      2.3.1.2 How to Deploy Microsoft Exchange Server 2010 in a Two-Armed Configuration
      2.3.1.3 How to Test the Microsoft Exchange Server 2010 Deployment Configuration
    2.3.2 Microsoft Exchange Server 2013 Deployment
    2.3.3 Microsoft Lync 2010 and 2013 Server Deployment
      2.3.3.1 Understanding Microsoft Lync Server Deployment Options
      2.3.3.2 How to Deploy with Microsoft Lync Server 2010 and 2013
      2.3.3.3 IP Worksheet
    2.3.4 Microsoft Office SharePoint Server 2007, 2010 and 2013 Deployment
    2.3.5 Remote Desktop Services in Windows Server 2008 R1 or R2 Deployment
      2.3.5.1 Step 1: How to Configure Session Broker with Remote Desktop Services in Windows Server 2008 R1 or R2
      2.3.5.2 Step 2: How to Configure the Real Server with Remote Desktop Services in Windows Server 2008 R1 or R2
      2.3.5.3 Step 3: How to Configure Remote Desktop Services with Remote Desktop Services in Windows Server 2008 R1 or R2
      2.3.5.4 Step 4: How to Test the Installation of Remote Desktop Services in Windows Server 2008 R1 and R2
    2.3.6 Moodle Deployment
  2.4 Services
    2.4.1 Services Overview
    2.4.2 Persistence Settings
    2.4.3 TCP Proxy, Secure TCP Proxy, and UDP Proxy
    2.4.4 FTP and FTP SSL Service
    2.4.5 HTTP Service and HTTPS Service
    2.4.6 Instant SSL Service
    2.4.7 SSL Offloading
    2.4.8 How to Secure Communication with Real Servers
    2.4.9 How to Select a Scheduling Policy
    2.4.10 How to Configure Adaptive Scheduling
  2.5 Access Control
    2.5.1 How to Configure Authentication and Access Control (AAA)
    2.5.2 How to Configure Single Sign-On (SSO)
    2.5.3 How to Set Up a Custom Login Page for Authentication
    2.5.4 How to Configure SMS Passcode Authentication Service
    2.5.5 How to Set Up a Custom Challenge Page for Authentication
  2.6 Technical White Papers
    2.6.1 PCI Compliance Considerations
  2.7 Traffic Management
    2.7.1 Content Rules for HTTP and HTTPS Services
    2.7.2 How to Use Extended Match and Condition Expressions
    2.7.3 Understanding HTTP Rewrite Rules
    2.7.4 Content Rewriting
    2.7.5 How to Use the Response Rewrite Function to Enable Web Sites for Google Analytics
    2.7.6 Understanding HTTP Caching
    2.7.7 Understanding HTTP Compression
  2.8 Logging
    2.8.1 How to Configure Syslog and other Logs
    2.8.2 How to Make the Client IP Address Available to the Back-end Server
      2.8.2.1 Logging Actual Client IP Address In the IIS 7 and IIS 7.5 Server
      2.8.2.2 Logging Actual Client IP Address on the Apache Server
    2.8.3 How to Mask Sensitive Data in Logs
  2.9 Global Server Load Balancing
    2.9.1 Global Server Load Balancing Overview
    2.9.2 Implementing Global Server Load Balancing
    2.9.3 Installing Global Server Load Balancing
    2.9.4 Integrating Global Server Load Balancing with the Existing DNS Infrastructure
    2.9.5 Site Selection Algorithms
    2.9.6 Implementing Global Server Load Balancing Regions
    2.9.7 Configuring Multiple Global Server Load Balancing Controllers
  2.10 Application Security
    2.10.1 Security Policies
      2.10.1.1 Configuring Action Policy
      2.10.1.2 Configuring Cloaking
      2.10.1.3 Configuring Data Theft Protection
      2.10.1.4 Configuring Global ACLs
      2.10.1.5 Configuring Parameter Protection
      2.10.1.6 Configuring Request Limits
      2.10.1.7 Configuring URL Normalization
      2.10.1.8 Configuring URL Protection
      2.10.1.9 Securing HTTP Cookies
    2.10.2 Slow Client Attack Prevention
    2.10.3 Configuring Website Profiles
    2.10.4 How to Configure Antivirus Protection for File Uploads and Downloads
    2.10.5 How to Configure Data Theft Protection
    2.10.6 How to Configure Brute Force Protection
    2.10.7 How to Configure Session Tracking
    2.10.8 Allow/Deny Rules for Headers and URLs
      2.10.8.1 Allow/Deny Rules for Headers
      2.10.8.2 Allow/Deny Rules for URLs
    2.10.9 Extended Match Syntax
    2.10.10 Configuring User Defined Patterns
      2.10.10.1 Regular Expression Notation
  2.11 Networking
    2.11.1 Creating Static Routes
    2.11.2 Adding Custom Virtual Interfaces
    2.11.3 Network Address Translation NAT
    2.11.4 Multiport Link Aggregation
    2.11.5 VLANs
    2.11.6 Network Access Control Lists
      2.11.6.1 Configuring IP Reputation Pool
  2.12 Certificate Management
    2.12.1 How to Add an SSL Certificate
    2.12.2 Installing SSL Certificates with Correct Chain Order
    2.12.3 How to Pass Client Certificate Details to a Back-end Server
    2.12.4 Allowing or Denying Client Certificates
    2.12.5 Client Certificate Validation Using OCSP
    2.12.6 Creating a Client Certificate
  2.13 Monitoring
    2.13.1 Monitoring the Health of Services and Servers
      2.13.1.1 How to Create Monitor Groups
      2.13.1.2 Understanding Testing Methods for Services and Real Servers
    2.13.2 How to Monitor the System Using SNMP
    2.13.3 How to Automate System Alert and SNMP Trap Delivery
    2.13.4 How to Configure SNMP Monitoring on the Barracuda Load Balancer ADC
    2.13.5 How to Enable or Disable Real Servers
    2.13.6 How to Remotely Administer Real Servers
    2.13.7 How to View Performance Statistics
    2.13.8 How to View System Tasks
  2.14 High Availability
    2.14.1 Understanding Barracuda Load Balancer ADC High Availability
    2.14.2 How to Configure the Barracuda Load Balancer ADCs for High Availability
    2.14.3 How to Manage High Availability Environment with Two Barracuda Load Balancer ADCs
    2.14.4 How to Remove a Barracuda Load Balancer ADC from a High Availability Environment
    2.14.5 How to Replace a Barracuda Load Balancer ADC in a High Availability Environment
    2.14.6 How to Update the Firmware on Clustered Systems
  2.15 Maintenance
    2.15.1 How to Back up and Restore Your System Configuration
    2.15.2 How to Update and Revert the Firmware
    2.15.3 How to Update Definitions Under Energize Updates
    2.15.4 How to Replace a Failed System
    2.15.5 How to Reload, Restart, and Shut Down the System
    2.15.6 Troubleshooting
    2.15.7 How to Reboot the System in Recovery Mode
    2.15.8 How to Use the Internet Protocol Version 6 (IPv6) with Barracuda Load Balancer ADC
  2.16 Barracuda Load Balancer ADC Hardware Features
  2.17 Limited Warranty and License
  2.18 Hardware Compliance

_Inclusions Library

test macro.

_Inclusions Content

Barracuda Load Balancer ADC - Overview

The Barracuda Load Balancer ADC is a unified high-performance platform that helps organizations achieve their availability, acceleration, application control, and application security objectives.

Where to Start

Learn about your Deployment Options.
For installation instructions for both the Barracuda Load Balancer ADC Vx virtual machine and the Barracuda Load Balancer ADC appliance, start here: Getting Started Application Deployment Guides Microsoft Exchange Server 2010 Deployment Microsoft Exchange Server 2013 Deployment Microsoft Lync 2010 and 2013 Server Deployment Microsoft Office SharePoint Server 2007, 2010 and 2013 Deployment Remote Desktop Services in Windows Server 2008 R1 or R2 Deployment Moodle Deployment Barracuda Load Balancer ADC Vx Deployment on Amazon Web Services Key Features Load balancing with dynamic scheduling and advanced monitoring capabilities SSL offloading, TCP connection pooling and caching, and compression to help accelerate application delivery Content-based routing to provide fine-grained application control Integrated application security to protect against application level attacks including the OWASP Top 10 risks Protection against theft of sensitive and confidential data Deployment en You can deploy the Barracuda Load Balancer ADC either as a hardware system or as a virtual system on supported hypervisors and in the cloud. Currently, cloud-hosted virtualization is available for Amazon Web Services. When deploying the Barracuda Load Balancer ADC, ensure that your network meets the setup requirements. You must also decide on: Deploying the Barracuda Load Balancer ADC in either a one-armed or two-armed mode. Creating services to load balance traffic at Layer 4 or Layer 7. A service is a combination of a virtual IP (VIP) address and one or more TCP/UDP ports. Traffic arriving at the designated ports for the specified VIP address is directed to one of the real servers that are associated with that particular service. Configuring Direct Server Return (DSR) for real servers that generate more outbound traffic than inbound traffic. Setting up two Barracuda Load Balancer ADCs in a high availability cluster as an active-passive pair. 
Only the active unit processes traffic, but both units synchronize their configurations and monitor each other's health. For more information, see High Availability. In this Section Deployment Requirements Choosing Your Deployment Mode and Service Types Direct Server Return Deployment Virtual Deployment Public Cloud Hosting 4 Deployment Requirements en When installing the Barracuda Load Balancer ADC in your network, the following conditions must be met: 1. The VIP addresses must be on the same subnet as the rest of the network; only the real servers are on the private, separate network. 2. The servers need not be physically isolated and can share a switch with the rest of the network so long as the isolation condition is met. 3. (Recommended) Each real server should be "one hop" away from the port on the Barracuda Load Balancer ADC. This means any relevant switches must be either directly connected to a port of the Barracuda Load Balancer ADC or connected to a series of switches that eventually reach the Barracuda Load Balancer ADC without going through any other machines. If you must remotely administer real servers individually, you can create new services that each load balance only a single real server (so it acts as a NAT). Multiple Network Adapters on Real Servers Real servers that are on multiple networks simultaneously may break the route path. If possible, each real server must be logically isolated. This means all traffic going to each real server must go through the Barracuda Load Balancer ADC. Each real server must have only one IP address, which is their private, isolated IP address. If a real server has more than one network adapter enabled, which gives traffic an alternate route around the Barracuda Load Balancer ADC, the deployment does not work properly even though it may appear to work initially. 
If your real servers have multiple network adapters, make sure that one of the following is true: The networks that the real servers are on are isolated from each other and cannot access the WAN (the network where incoming traffic arrives) without going through the Barracuda Load Balancer ADC. No network path may exist from the real servers to the client machines (this means if the real servers are also members of another network, this network must too be isolated and not connected in any way or through any other networks to the WAN network, including through the Internet). Static routes for incoming and outgoing traffic for each IP address of each Real Server have been defined. Choosing Your Deployment Mode and Service Types en You can deploy the Barracuda Load Balancer ADC in either one- or two-armed mode. Additionally, you select whether the Barracuda Load Balancer ADC acts as a reverse proxy for each type of traffic that is load balanced. A service is a combination of a virtual IP (VIP) address and one or more TCP/UDP ports. Traffic arriving at the designated ports for the specified VIP address is directed to one of the real servers that are associated with that particular service. When you create a service, you will specify whether the incoming traffic type is load balanced at Layer 4 or at Layer 7. You can configure settings such as scheduling policy and security for each service. In this article: en One-Armed and Two-Armed Mode Direct Server Return Service Types Layer 4 Services Layer 7 Services Configuring Services Deployment Examples Additional Deployment Notes One-Armed and Two-Armed Mode You can deploy the Barracuda Load Balancer ADC in either one- or two-armed mode: One-Armed – The real servers and the VIP addresses are on the same side (usually the WAN) of the Barracuda Load Balancer ADC. A 5 one-armed deployment requires minimal changes to your existing infrastrucure. 
- Two-Armed – (Recommended for best performance) The VIP addresses (incoming traffic) and the real servers are on different subnets. Traffic comes through the WAN port and the real servers communicate with the LAN port. A two-armed deployment requires you to change the IP addresses of all real servers.

If a Layer 4 - UDP or Layer 4 - TCP service is used in a two-armed deployment, the Barracuda Load Balancer ADC must be the default gateway for all downstream real servers. For all other types of services, the real servers and VIP addresses can be positioned in a variety of ways.

Direct Server Return

If a real server generates a much greater volume of outbound traffic than inbound traffic, you can configure Direct Server Return (DSR) for it. DSR increases outbound traffic throughput by directing traffic from the real server directly to the client, bypassing the Barracuda Load Balancer ADC. For more information about this deployment option, see Direct Server Return Deployment.

Service Types

You can create Layer 4 or Layer 7 services to pass incoming traffic to the real servers. Both types of services provide different options for handling traffic.

Layer 4 Services

Layer 4 services pass traffic in half-NAT mode, changing the destination IP address to that of the real server and keeping the original source IP address. The Barracuda Load Balancer ADC is the default gateway for all downstream real servers.

| Traffic Type | Deployment Mode | Layer 4 Service Type | Notes |
| TCP or UDP | Two-armed. Usually the recommended deployment for Layer 4 traffic. | Layer 4 - UDP, Layer 4 - TCP | Persistence is achieved using the client IP address. |
| TCP or UDP | One-armed. Best performance if almost all traffic is outgoing. | Layer 4 - TCP, Layer 4 - UDP. Real servers in Direct Server Return mode. | Requires a loopback adapter on each real server. Can keep the IP addresses of the real servers. SSL offloading and other Layer 7 capabilities are not supported. Persistence is achieved using the client IP address. |
Layer 7 Services

Layer 7 services pass traffic in full-NAT mode, changing both the source and destination IP addresses. The Barracuda Load Balancer ADC acts as a proxy. Connections from the client are terminated at the Barracuda Load Balancer ADC, and new connections are established between the Barracuda Load Balancer ADC and the real servers.

For Layer 7 services, the topology can be one- or two-armed. When installing the Barracuda Load Balancer ADC, you do not need to change the gateway of the servers in the server farm.

For secure Layer 7 services (Secure TCP Proxy, HTTPS, and FTP SSL), the Barracuda Load Balancer ADC inspects the encrypted traffic using a certificate that is specified when the service type is selected. The traffic can be re-encrypted, or you can configure SSL offloading to send the decrypted traffic to the real servers.

| Traffic Type | Layer 7 Service Type |
| UDP | UDP Proxy. UDP Proxy supports persistence using both client IP address and port. Many UDP applications involve all client requests coming from one client IP address. A UDP Proxy service that is configured with persistence of client IP port number distributes traffic across all of the real servers. |
| TCP | TCP Proxy |
| TCP with SSL processing offloaded to the Barracuda Load Balancer ADC | Secure TCP Proxy |
| HTTP (web servers) | HTTP or HTTPS |
| FTP (FTP servers) | FTP or FTP SSL |
| Remote Desktop Services | Layer 7 - RDP |

Configuring Services

For more information on the available service types and how to configure them, see Services.

Deployment Examples

The following table lists some common cases with suggested deployments:

| Use Case | Suggested Deployment |
| The Barracuda Load Balancer ADC provides Layer 4 load balancing of TCP/IP traffic. | Create one or more Layer 4 - TCP services. |
| The Barracuda Load Balancer ADC provides Layer 4 load balancing of UDP traffic. | Create one or more Layer 4 - UDP services. |
| The Barracuda Load Balancer ADC provides SSL offloading and Layer 4 load balancing of TCP/IP traffic. | Create one or more Secure TCP Proxy services. If you use a one-armed topology, you do not need to reconfigure the IP addresses of the real servers. A two-armed topology provides better performance. |
| The real servers are on the same subnet as the Barracuda Load Balancer ADC, and the configuration cannot be changed. | You have the following options: (a) Use a one-armed topology, and create a TCP Proxy service (or a Secure TCP Proxy service if SSL offloading is required). (b) If almost all of the traffic is outbound, configure Direct Server Return with a Layer 4 service. |
| There is an existing IT infrastructure using Windows where the web servers need to communicate with systems such as Active Directory Domain Services, ISA Servers or domain controllers. | To avoid changing network settings, you have the following options: (a) Use one-armed topology and create a TCP Proxy service. (b) Configure Direct Server Return with a Layer 4 service. For best performance, it is recommended that you use a two-armed topology and create a Layer 4 service. |
| The outbound traffic is far greater than the inbound traffic. For example, if the real servers are providing streamed audio or visual media. | Configure Direct Server Return with a Layer 4 service to increase throughput. |
| The real servers must individually be remotely administered. | You have the following options: (a) Create new services that each load balance a single real server. (b) Deploy the real servers in a one-armed topology on the WAN side of the Barracuda Load Balancer ADC, and add them to a TCP Proxy service. (c) Deploy the real servers on the WAN side in Direct Server Return mode, and add them to a Layer 4 service. |
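The Layer 4 gateway requirement and the warning about multiple network adapters both come down to where a real server sends its reply. The following Python example is added here and is not from the Barracuda documentation: it models the half-NAT and full-NAT behaviour described above and checks, for a given real-server route table, whether the reply goes back through the ADC. All addresses, route tables and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (not from the Barracuda documentation).
ADC_LAN_IP = "10.0.0.1"      # ADC interface facing the real servers
SERVER_IP = "10.0.0.11"      # one real server
CLIENT_IP = "198.51.100.7"   # external client

# Real-server route tables as (prefix, gateway); gateway None means on-link.
ROUTES_DEFAULT_VIA_ADC = [("10.0.0.0/24", None), ("0.0.0.0/0", ADC_LAN_IP)]
ROUTES_SECOND_ADAPTER = [("10.0.0.0/24", None), ("192.168.50.0/24", None),
                         ("0.0.0.0/0", "192.168.50.1")]
ROUTES_STATIC_FIX = ROUTES_SECOND_ADAPTER + [("198.51.100.0/24", ADC_LAN_IP)]


def packet_seen_by_server(layer, client_ip=CLIENT_IP):
    """(src, dst) of the packet the ADC forwards to the real server."""
    if layer == 4:   # half-NAT: destination rewritten, client source kept
        return client_ip, SERVER_IP
    if layer == 7:   # full-NAT: the ADC opens its own connection
        return ADC_LAN_IP, SERVER_IP
    raise ValueError("layer must be 4 or 7")


def next_hop(routes, dst_ip):
    """Longest-prefix match; returns the gateway, or dst_ip if on-link."""
    dst = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _net, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw if gw is not None else dst_ip


def reply_returns_via_adc(layer, routes):
    """True if the server's reply is sent to the ADC, which can undo the NAT."""
    reply_dst, _ = packet_seen_by_server(layer)
    return next_hop(routes, reply_dst) == ADC_LAN_IP


if __name__ == "__main__":
    for name, routes in [("default gw = ADC", ROUTES_DEFAULT_VIA_ADC),
                         ("second adapter", ROUTES_SECOND_ADAPTER),
                         ("second adapter + static route", ROUTES_STATIC_FIX)]:
        for layer in (4, 7):
            print(f"{name:30} layer {layer}: {reply_returns_via_adc(layer, routes)}")
```

With the second adapter's default route in place, the Layer 4 reply leaves through the other gateway and never reaches the ADC, while the Layer 7 reply still does because it is addressed to the ADC itself.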
Additional Deployment Notes

More information about different deployment options can be found in these articles:
- One-Armed Using a TCP Proxy, UDP Proxy, or Layer 7 Service
- Two-Armed Using TCP Proxy, UDP Proxy, or a Layer 7 Service
- TCP Proxy, UDP Proxy, or a Layer 7 Service
- Two-Armed with Layer 4 Load Balancing

One-Armed Using a TCP Proxy, UDP Proxy, or Layer 7 Service

A one-armed topology has either all of the real servers and the VIP addresses on the WAN or (less commonly) all of the real servers and the VIP addresses on the LAN. When you create services in this topology, consider the following:
- For Layer 4 - TCP or UDP services, you must configure the real servers in Direct Server Return mode. See Direct Server Return deployment.
- With TCP Proxy, UDP Proxy, or any of the Layer 7 service types, you can add the Barracuda Load Balancer ADC into an existing infrastructure with minimal changes to the network. No changes are required to the IP addresses of the real servers. The Barracuda Load Balancer ADC can be on the same subnet as the real servers. Alternatively, the real servers are reachable through a router from the Barracuda Load Balancer ADC.

In this article:
- Virtual Interface
- Example Deployments

Related Articles
- Deployment
- TCP Proxy, UDP Proxy, or a Layer 7 Service
- Two-Armed Using TCP Proxy, UDP Proxy, or a Layer 7 Service
- Two-Armed with Layer 4 Load Balancing
- Services

Terminology
- WAN refers to interface(s) configured to access an external network.
- LAN refers to interface(s) configured to access an internal network.

Virtual Interface

If the server is in the same network as the custom virtual interface, then the custom virtual interface is used to connect to the server using the interface route/static route or the default gateway, in that order. If the server, the custom virtual interface, and the WAN IP address are all in the same network, you cannot use the custom virtual interface to connect to the server.
In this scenario, the WAN IP address is always used to connect to the server. The virtual interface of the service can be in any network.

Example Deployments

Figure 1 shows a WAN-side deployment using one-armed topology and TCP Proxy, UDP Proxy, or Layer 7 services. The gateway IP address of the real servers did not need to be changed when adding the Barracuda Load Balancer ADC to the network. All of the virtual IP addresses and IP addresses of the real servers are connected to the WAN port. If required, an externally accessible IP address can be kept on a real server so that external clients can still access that address (for example, for FTP) only on that one system.

Because configuration changes are not required, traffic is only passed through the Barracuda Load Balancer ADC if it must be load balanced.

Figure 1. One-armed using TCP Proxy, UDP Proxy, or a Layer 7 service.

Figure 2 shows an example of a one-armed deployment using TCP Proxy services. In this example, services are provided by multiple Barracuda Spam Firewalls and email servers. As shown in the diagram, email passes through this network as follows:
#1 - Email is sent to the VIP address for the TCP Proxy service that represents the Barracuda Spam Firewalls.
#2 - Email is directed to the appropriate Barracuda Spam Firewall for processing.
#3 - After passing spam and virus checks, email is sent to the VIP address for the email service.
#4 - The Barracuda Load Balancer ADC load balances the email traffic and passes it to an email server.

Figure 2. One-armed TCP Proxy service with Barracuda Spam Firewalls.

TCP Proxy, UDP Proxy, or a Layer 7 Service

Choosing a TCP Proxy, UDP Proxy, or one of the Layer 7 services makes the Barracuda Load Balancer ADC act as a full proxy. Connections from the client are terminated at the Barracuda Load Balancer ADC, and new connections are established between the Barracuda Load Balancer ADC and the real servers.
Using a TCP Proxy, UDP Proxy, or a Layer 7 service lets you place the real servers anywhere in your network, as long as they can be routed to by the Barracuda Load Balancer ADC (e.g., via the same subnet, a VLAN, or pre-configured static routes). This can be used in one-armed configurations for applications like Microsoft Exchange Server or Microsoft Lync Server, as well as for custom applications. In two-armed configurations, real servers can access the virtual IP addresses (VIPs) of any TCP Proxy, UDP Proxy, or Layer 7 services that are on the same side of the Barracuda Load Balancer ADC.

There are multiple configuration options available when using one or more TCP Proxy, UDP Proxy, or Layer 7 services:
- Some or all of the real servers are on the same subnet as the LAN.
- Some or all of the real servers are on the same subnet as the WAN.
- Some or all of the real servers are on the same VLAN as the Barracuda Load Balancer ADC.
- Some or all of the real servers are on a different subnet than either the WAN or LAN but are accessible through static routes.
- Some or all of the real servers are on a different subnet and responding to a TCP Proxy, UDP Proxy, or Layer 7 service.
- VIP addresses are on the same subnet as the WAN interface of the Barracuda Load Balancer ADC, and real servers are on a subnet separate from the VIPs.
- VIP addresses are on the same subnet as the LAN interface of the Barracuda Load Balancer ADC, and real servers are on a subnet separate from the VIPs.

Description:
2.4.8 How to Secure Communication with Real Servers . Log into your server using SSH. Remove the default .. On one Exchange server in the array, open the Exchange Management Shell and create a new CAS array. Verify that provides easy-to-edit, secure, and structured course web sites.