How to configure SSL on Cisco Load Balancer

I want to configure SSL termination on cisco LB. i just want to know is there any license required for this deployment ? please share me some configuration steps to deploy the SSL.
Thanks
Irfan Hussain

Check the following basic ssl config
http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Configuration_Examples_--_SSL_Configuration_Examples
I think you do get a little of ssl resource without a license.
Gilles.

Similar Messages

  • Terminate SSL on Cisco Load Balancer

    Hi,
    We have a rights Management server that will be behind a load balancer. I would like to terminate the SSL on the Load balancer instead of terminating it on the LC server. is there any settings need to be set on the LC server. I will appreciate any help on this topic.

    Check the following basic ssl config
    http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Configuration_Examples_--_SSL_Configuration_Examples
    I think you do get a little of ssl resource without a license.
    Gilles.

  • Configuring customized ldap ports on cisco load balancer

    Hi,
    I have configured ldap on a different ports than the 389 and 636.  How do I configure this port to be allowed on the Cisco load balancer.  I'm a newbie to cisco load balancer.  Is there any specific configuration to be followed to set the customized port on the load balancer ?
    Any help is appreciated.
    Thanks in advance

    Hi,
    By default, ACE denies all traffic coming to an interface and you need to define ACL's to allow traffic. You can define an extended ACL to allow the traffic from IP's, TCP/UDP ports etc. Please visit the below for details about ACL configuration on ACE.
    http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/securgd/acl.html#wp1018359
    Also, pasting another link for basic TS related to ACE.
    http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Troubleshooting_Guide_--_Troubleshooting_Access_Control_Lists
    Regards,
    Kanwal

  • CISCO Load Balancer with SAP on Unix and Oracle

    Hello Experts,
    Explain me the steps How CISCO Load balancing Mechanism works with SAP Enterprise Portal?
    If anyone implemented and achieved the same,please explain me the steps to follow from Initial Stage to end of implementation.
    Or If you have any documentation on this just share with me or point me to the particular link.
    I have seen the below SAP help which is somewhat helpful.
    http://help.sap.com/saphelp_nw04s/helpdata/en/d3/e12840d89d185de10000000a1550b0/frameset.htm
    I would like to know how CISCO will connect to M/essage Server /Java Dispatcher.
    And explain me the steps to follow to implement External Facing Portal using Cisco Loadbalancer.
    This should be achieved in Unix environment.
    Any help would be greatly appreciated.
    Regards,
    Karthick Eswaran
    *Points will be rewarded for helpful suggestions

    We use F5 for loadbalancing, but all hardware loadbalancing solutions should similar. They offer multiple algorithms, we use simple round robin (SAP's webdispatcher has better options for load balancing). You create virtual IP to your CISCO loadbalancer. You then configure Cisco to route traffic to each portal application server. If you have CI + 2 appservers, you configure the loadbalancer to send traffic to cihost:port, appserver1:port, appserver2:port. You also create a DNS alias to the virtual IP of the loadbalancer. End users will use the DNS alias to connect your portal. Typically you use standard ports (80 & 443) on Cisco, so that end user URL does not contain any ports (so http traffic goes to port 80, https goes to port 443). You also need to enable cookie persistence on the load balancer for session persistence.
    For external facing portal, you need to have your loadbalancer in DMZ and you want to use SSL. You also need to setup firewall rules for your portal and backend servers.
    -RK

  • CISCO Load Balancing Mechanism with SAP

    Hello Experts,
    Explain me the steps How CISCO Load balancing Mechanism works with SAP Enterprise Portal?
    If anyone implemented and achieved the same,please explain me the steps to follow from Initial Stage to end of implementation.
    Or If you have any documentation on this just share with me to my google id kekarthick or point me to the particular link.
    I have seen the below SAP help which is somewhat helpful.
    http://help.sap.com/saphelp_nw04s/helpdata/en/d3/e12840d89d185de10000000a1550b0/frameset.htm
    I would like to know how CISCO will connect to Java Dispatcher.
    And explain me the steps to follow to implement External Facing Portal using Cisco Loadbalancer.
    This should be achieved in Unix and Windows 2003 environment.
    Any idea?
    Regards,
    Karthick Eswaran
    Edited by: Karthick Eswaran on May 21, 2008 12:40 AM

    Hello Karthick,
    let's say you have 2 servers for your portal:
    host1 -> e.g. DB, SCS + CI --> http://host1.my.company:50000/irj/portal
    host2 -> DI --> http://host2.my.company:50000/irj/portal
    Now you can implement an CISCO hardware load balancer. You have to connect it to your network and reserve one port and another ip adress of it for the portal.
    After that you have to add the ip adress of the both servers (host1+host2) to this port, so that the CISCO load balancer knows to which servers it has to forward the incoming connections.
    If you use DNS in your company you can now map a more user-friendly name to the CISCO port (e.g. http://portal.my.company:50000/irj/portal) and distribute this link to the users of the portal.
    When they connect to the portal via this link the CISCO load balancer will forward the request to one of the configured servers (host1 or host2) depending which one is online and/or the load of them.
    I hope I understood your question right and my answer helps a little.
    Regards,
    Norman Schröder

  • Configuring RFC connections for load balancing.

    Hi ,
    We have the following landscape for our systems.
    The database is installed on z/os , db2 (mainframe). The central services( SCS and ASCS) are also on the mainframe. So the message server is on mainframe.
    The CI is on AIX and The DI is on AIX.
    We have Logon groups configured and load balancing Configured and is RFC enabled.
    1) When we connect to SAP using the SAPGUI and  the portal connection is made to either CI or DI depending upon the best response times.  Now recently we are running the mercury load testing, all the users are connecting to DI. Why are the users connecting to DI even though we have load balancing?
    2) I have a system with SID BP0, with one CI and one DI. The logon group is BP0 and the message server name is cyrix. Now I have other another system EP0. I have created a RFC connection from EP0 to BP0. In SM59 I have selected the load balancing option, and provide the message server name, SID and logon group name. The connection does not work. If I connect directly to the CI or DI the connection works. Please tell me how can I configure load balancing for RFC connections.
    Thanks
    Manmath.

    Dear 917996,
    There are two types of load balancing:
    - Client-side load balancing (setting up the tnsnames.ora on client side). More information here (http://ggsig.blogspot.co.uk/2012/04/client-side-
    load-balancing-in-oracle.html). Very good video produced my friend Igor Melnikov is here (http://www.dsvolk.ru/oracle/racdd4d/demos/video/loadbalance/client/clientloadbalance_viewlet_swf.html)
    -Server-side load balancing (remote_listener and setting service parameter clb_goal). Very good Igor Melnikov's video is here (http://www.dsvolk.ru/oracle/racdd4d/demos/video/loadbalance/server/serverloadbalance_viewlet_swf.html).
    I have read about client side and server side load balancing. By editing tnsnames.ora I have enabled client side load balancing which is suppose to select listeners at random. then why does it only go to second node?Could you please show your tnsnames.ora on client?
    Please can anyone help me to configure server side load balancing with SCAN. I have read many many post but couldn't find a clear answer.Based on your output (remote_listener string cmbtrnrac-scan:1521) you have already configured the server side load balancing.
    SQL> show parameter listener
    NAME TYPE VALUE
    listener_networks string
    local_listener string (DESCRIPTION=(ADDRESS_LIST=(AD
    DRESS=(PROTOCOL=TCP)(HOST=10.1
    7.67.214)(PORT=1521))))
    remote_listener string cmbtrnrac-scan:1521How many SCANs do you use? Do you use DNS?
    regards,
    Gennady

  • Cisco load balancer?

    Just curious if anybody has tried using a Cisco load balancer with Directory Server (5.x.) Specifically:
    http://www.cisco.com/warp/public/cc/pd/si/11000/prodlit/cs105_ds.htm
    (They start out talking about web, but if you look further down you'll see they also support LDAP.)
    Here's my thought: get two 5.x servers in multi-master configuration behind one of these Cisco products. That way applications that like to cache DNS info on the LDAP server they should be using won't get confused if one of the hosts is taken down for upgrades/whatever. Thoughts?
    I guess the other way to handle this would be to run Sun Cluster + necessary stuff for LDAP. Any unbiased opinions as to which approach might be better? ;-)

    Or use the Directory Proxy (aka iDAR)...
    We have customers using the Cisco load balancer with Directory server 5. Others are using iDAR, others use Sun Cluster... Can't tell which approach is better.
    The only issue I forsee with a load balancer in front of 2 masters, is that it may increase the risks of conflicts if the servers are not fully synchronized (such as under heavy load).
    Regards,
    Ludovic.

  • Cisco Load balancer and Web Dispatcher to the same portal

    Hello Experts,
    We have implemented intranet portal with Cisco as the load balancer. Now we need to expose this intranet to the outside world as an extranet portal. So the same portal will be accessed from both intranet and from outside. We are thinking of installing a web dispatcher in the DMZ so that outside users can access the Web Dispatcher URL to access the intranet portal. In effect intranet users will use load balancer and extranet users will use Web Dispatcher to access the same portal. Now my question is if we configure Load Balancer and Web Dispatcher to the same portal, will the portal be able to load balance properly? Is this the right approach?
    Thank You,
    mansooralip1

    Dear Andrew,
    We need to provide access to our intranet to some outside companies for them to also use some of our portal applications. As per your answer, I understand that I can configure Web Disptacher to talk to the Cisco Load Balancer of our portal. In this case Web Dispatcher will work just as a reverse proxy. But when I discussed this with one of our basis resource, he told me that when we install and configure Web Dispatcher, it always ask for the Message Server URL and Port number, even if I just want to use Web Dispatcher as a Reverse Proxy. If his concerns are valid, I do not think I will be able to configure Web Dispatcher to access the cisco Load Balancer because I cannot put Cisco load banacer URL and port instead of the Message Server URL and Post Number. Can you kindly share your comment on the same?
    Now the second part of my question, if Web Dispatcher cannot be configured to talk to Load Balancer(as mentioned by our basis resource), I will have to use two load balancers. One web Dispatcher in DMZ as a Load Balancer *** Reverse Proxy for the external users. Second the internal Cisco Load Balancer for the intranet users. So the same portal will be accessed by two load balancers. My question here is, in this set up, can the portal work efficieintly here by distributing equal loads two both the server instances?
    Thank You,
    mansooralip1

  • Do i have to configure ssl on cisco unified provisioning manager for it to work. I am running BE6000 9.X

    Do i have to configure ssl on cisco unified provisioning manager for it to work

    Here is the code
    #include <userint.h>
    #include "iface.h"
    #define DAQmxErrChk(functionCall) if( DAQmxFailed(error=(functionCall)) ) goto Error; else    
    int write_onoff(uInt8 HL, const char linename[])
      int         error=0;              // error code (initialized to zero i.e. no error)
      TaskHandle  taskHandle=0;            // task ID for DAQmx
      char        errBuff[2048]={'\0'}; // error message
      // DAQmx Configure Code
      SetWaitCursor(1);
      DAQmxErrChk(DAQmxCreateTask("", &taskHandle));
      DAQmxErrChk(DAQmxCreateDOChan(taskHandle, linename, "", DAQmx_Val_ChanPerLine ));
      // DAQmx Start Code
      DAQmxErrChk(DAQmxStartTask(taskHandle));
      // DAQmx Write Code
      DAQmxErrChk(DAQmxWriteDigitalU8(taskHandle, 1, 1, 10.0, DAQmx_Val_GroupByChannel, &HL, NULL, NULL));
      Error:
        SetWaitCursor(0);
        if (DAQmxFailed(error)) DAQmxGetExtendedErrorInfo(errBuff, 2048);
        if (taskHandle!=0)
          // DAQmx Stop Code
          DAQmxStopTask(taskHandle);
          DAQmxClearTask(taskHandle);
        if (DAQmxFailed(error)) MessagePopup("DAQmx Error", errBuff);  
      return error;  
    } // end write_digital_line
    int CVICALLBACK test (int panel, int control, int event, void *callbackData, int eventData1, int eventData2)
      uInt8 onoff=0;
      if (event==EVENT_COMMIT)
        GetCtrlVal(panel, control, &onoff);
        write_onoff(onoff, "Dev1/port0/line0");
      return 0;  // return 0 to tell the system the message has been handled    

  • Iview contents missing when using FQDN Cisco Load Balancer

    Hello Experts,
    We are using Cisco load balancer to distribute the load across the portal servers. Everything was working fine, but after upgrades to the latest support package stack SP18, we ran into some odd behavior. Some of the contents on the iview are blank when using FQDN load balancer URL e.g. http://sap1234.corp.com/irj/portal .  But those blank contents does show up if we donu2019t use FQDN e.g. http://sap1234./irj/portal .  At this point we are not sure where to start troubleshooting?
    Any helps would be appreciated,
    Dave
    Edited by: davidn on Feb 27, 2009 11:50 AM

    Isn't this the same as your other post? I'm locking this one...

  • What SSL accelerator and load-balancer does anyone recommend?

    Hi:
    I wanted to find out:
    Does anyone recommend SSL accelerator cards/boards or SSL accelerator appliances?
    What SSL accelerator and load balancer does aynone recommend to help 9iAS?

    Ana_Alm wrote:
    Hi there!
    I just downloaded and installed OS X Lion, and I'm loving it so far.
    However, I've seen that Mountain Lion will have some new features when it comes to social apps (what I call the ones that combine twitter, facebook, rss readers and so on).
    So, does anyone knows any cools apps for that? I'm currently using Socialite, that combines all those three, but it has a few issues I don't particularly like. Plus, I'm using Adium for a msn client. I'm also thinking about downloading that beta version of "Messages" that will be realeased on Mountain Lion.
    So, what do you think? Give me your ideas
    Thanks a lot in advance!
    As Mountain Lion has not been released to the public yet, then most of us have no idea which companies have updated the development of their Apps for  ML. It is in Development phase so any App you try is at your own risk.
    Good Luck
    Pete

  • OAM 11gR2 Throwing SSL Warning after configured to use HTTPS Load Balancer

    I have configured OAM 11gR2 to use an https load balancer on 14100 and have set my managed servers SSL listen port to 14100 (Could not use 14101 because the HTTPS VIP created was listing on 14100) everything works fine with this configuration, but my logs are filling up the the following warning.
    <Oct 3, 2012 1:41:54 PM UTC> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer 10.228.0.1 - 10.228.0.1 instead of an SSL handshake.>
    I know that 10.228.0.1 is the DNS server, but I'm not sure why this happening. Any ideas?

    What is WLS and OHS versions are you using in this environment?
    If it's old version than these, please upgrade WLS to 10.3.3 and the OHS to 11.1.1.3. These is a known bug on WLS side not it OAM.
    I hope this helps,
    Thiago Leoncio.

  • Configuring ACE 4710 for Load Balancing Speech servers

    Hello, I'm configuring ACE 4710's for the first time and I want to load balance my Nuance speech servers on port 554. Here's my configuration on ACE01:
    hostname ace471001
    interface gigabitEthernet 1/1
      switchport access vlan 1000
      no shutdown
    interface gigabitEthernet 1/2
      shutdown
    interface gigabitEthernet 1/3
      shutdown
    interface gigabitEthernet 1/4
      shutdown
    access-list ALL line 8 extended permit ip any any
    rserver host nss01
    class-map type management match-any remote_access
      2 match protocol xml-https any
      3 match protocol icmp any
      4 match protocol telnet any
      5 match protocol ssh any
      6 match protocol http any
      7 match protocol https any
      8 match protocol snmp any
    policy-map type management first-match remote_mgmt_allow_policy
      class remote_access
        permit
    interface vlan 1000
      ip address 10.20.17.21 255.255.248.0
      access-group input ALL
      service-policy input remote_mgmt_allow_policy
      no shutdown
    How would I configure my speech server to isten on 554?
    Thanks in advance

    Hello Reginald
    Currently you have only basic network configuration, there is no loadbalancing config
    I'm not sure what exactly you're asking about , but basically you need to have
    - real servers configured on ACE (
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp999495)
    - serverfarm configured on ACE (
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1014522)
    - L7 policy map (
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1171109 ,
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1027248 )
    - L4 policy map , class-map (
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1027819)
    And then apply it on necessary interface.
    This is a general configuration, in your specific case you may need to configure some additinal features (e.g. I think you will need to have stickiness enabled
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/sticky.html but it depends on your application)
    links are for old config guids , but basic is pretty much the same for all versions.
    Please check them and try to narrow down your question a bit.

  • NW04 Portal and Cisco Load balancer

    Hi everybody,
    does anyone have a similar landscape as I have?
    Reverse Proxy - Cisco Content Switch Module for Load Balancing - two NW04 Portal Servers.
    How did you configure the stickyness / Load balancing mechanism on the load balancer in order to get it running?
    Cheers
    Jochen

    Hi,
    Web AS Java issues a cookie called saplb.
    You can check its value by connecting to the portal and then launching the command
    "javascript:alert(document.cookie)"
    within the browser. You will get a cookie value like
    saplb_*=(J2EE6202500)6202551          
    The value in brackets determines the Instance; the second number equals the actual ClusterID (can also be found in the VisualAdmin. Usually 50 indicates the 1st server node, 51 the second one etc.
    The saplb_*-cookie can be checked by the cisco see Cisco-Link above. Just configure the Cisco to be sticky on the  instance number (value in the first brackets, in the example 6202500).
    Several Customers do it like this, and actually the SAP Webdispatcher is also using this cookie to determine the instance to distribute the request to.
    Good luck Bernhard

  • WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

    Hi,
    I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http. 
    When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl. 
    What change should I make so that WSDL url will have https instead of http ? 
    This is service side configuration.
    <system.serviceModel>
        <services>
          <service name="Service.IService">
            <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
          </service>
        </services>
        <bindings>
          <basicHttpBinding />
        </bindings>
        <client />
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
    Thanks in advance !!

    Hi,
    For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
    <behaviors>
    <serviceBehaviors>
    <behavior
    name="MyServiceTypeBehaviors"
    >
    <serviceMetadata
    httpGetEnabled="true"
    />
         </behavior>
    </serviceBehaviors>
    </behaviors>
    For more information, you could refer to:
    http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
    http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
    Regards

Maybe you are looking for

  • How can i use an aperture library on a 2009 white macbook?

    I made a set of 6 Aperture libraries on my MacPro Westmere using latest version. These open on my MP in iPhoto as well. A colleague needs these libraries (organisation related photo categories). They would not open on his white 2009 MacBook -- OS 10.

  • Help with processing groups of records in database

    Ok i'm at work right now trying to finish up a project for my class and what it is is a basic class to process an inner join sql statement generated table from access and order it by the student id in order to group each student together. I have writ

  • BAPI to update AR entries

    Hi, is there any BAPI to update AR entries for a customer along with the GL. Regards, vijay.

  • Centering a web page

    Hello All; I receitly inquired about how to center a web site in a users browser and when I tried your suggestions, it worked. However, for some reason, my web pages are no longer centered though it looks like I have the Left and Right margins of the

  • Why does Safari close suddenly?

    Safari closes suddenly during use on myiPad, and when I reopen it, it usually forgets where it was. It is happening more and more lately. Sometimes my Bejeweled ap does it too.