Issue in setting flex app in load balanced environment using SSL
I have developed the dashboard in my application using flex 3.0. For this I have used JSP wrapper around the flex application. My application runs on JBoss application server. for communication between flex app and my application i am using LCDS. HTTPService component is being used to receive data from the server. Channel definitions are given in service-config.xml for amf and http channels and for both secure secure and not secure mode. In my proxy-config.xml i have defined Channels and destinations.
services-config.xml
<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<polling-enabled>false</polling-enabled>
</properties>
</channel-definition>
<channel-definition id="my-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
<endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure" class="flex.messaging.endpoints.SecureAMFEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
<channel-definition id="my-http" class="mx.messaging.channels.HTTPChannel">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/http" class="flex.messaging.endpoints.HTTPEndpoint"/>
</channel-definition>
<channel-definition id="my-secure-http" class="mx.messaging.channels.SecureHTTPChannel">
<endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/httpsecure" class="flex.messaging.endpoints.SecureHTTPEndpoint"/>
<properties>
<add-no-cache-headers>false</add-no-cache-headers>
</properties>
</channel-definition>
proxy-config.xml
<default-channels>
<channel ref="my-http"/>
<channel ref="my-amf"/>
<channel ref="my-secure-http"/>
<channel ref="my-secure-amf"/>
</default-channels>
<destination id="dashboardService">
<properties>
<url>/kr/servlet/DashboardServlet</url>
</properties>
</destination>
<destination id="dashboardJSPService">
<properties>
<url>/kr/krportal/dashboardJSPService.jsf</url>
</properties>
</destination>
In my development environment both secure and non secure mode were working fine. Now when I have deployed it behind the load balancer(which accepts secure requests only and if the request is not secure it redirects it to secure url) there is no response from the message broker servlet. One thing more I have observed is when the environment is non load balanced there are request like 'http://{server.name}:{server.port}/{context.root}/messagebroker/http'. and these requests are post request. But in load balanced environment with ssl the request is again like 'http://{server.name}:{server.port}/{context.root}/messagebroker/http' which is a post request and it is redirected to 'https://{server.name}:{server.port}/{context.root}/messagebroker/http' which is a get request. The content returned by this get request is null.
Looking for some comments
Thanks
Abhishek Gupta
if the load balancing environment is already well configured, thes rest is very easy, there is no difference between a configuration of load balancing environment and a simple one, for you that is transparent, except the manual deployment and manual copying
of files in the directory 15
Similar Messages
-
Flex Load Balancer Environment URL Redirect
Hi,
Our Flex application is running on a load balancer environment, where SSL is terminated. From the browser to load balancer, the connection is using https and from the load balancer to the server, it is http. What we are noticing is, when the https url is invoked on the browser, it immediately redirects the url from https to http. This breaks the connection and an error message unable to connect is shown on the browser. We traced the network traffic using the Live HTTP headers, it showed the same redirect in the url with the message HTTP/1.1 302 Moved Temporarily.
Please let me know, how i can resolve this issue. Also let me know, if you need any other information from me.
Thanks for your help.
Murugan.I'm kind of a newbie on the netscaler. What od you mean by stick? We keep persistence by a cookie insert.
I did find out what the issue was, our E1 installation sits on port 8086, so from the netscaler we would reroute the port 80 calls from jdesso.xxx.local to the E1 server, but for some reason when the handoff came back from OID to E1 the load balancer somehow realized the app server was running from port 8086 and it mixed the whole process up (instead of keeping all traffic to and from the client on port 80). To workaround this I created a new virtual server to listen on port 8086, then I redirected the port 80 calls to new 8086 VS, and then from the 8086VS to the app server and it worked correctly. -
Setting up SharePoint 2013 Apps in a load balanced environment
All,
Looking for some articles on how to configure SharePoint 2013 Apps in a load balanced farm (2 WFEs, 2 APP servers, 2 SQL DBs).
Thank you!if the load balancing environment is already well configured, thes rest is very easy, there is no difference between a configuration of load balancing environment and a simple one, for you that is transparent, except the manual deployment and manual copying
of files in the directory 15 -
App.server load balancing for SAP System with 1 PS
Hi,
In SAP CPS 7.0 (Build M26.12) I have a SAP system with Central Instance + 10 App.servers, but all instances are managed by 1 ProcessServer.
After activating the "App.server load balancing" setting in SAP system definition the application servers are becoming visible in CPS with their load factors (number of BGD wp's on app.servers) and load numbers (number of active jobs on app.servers).
This is so far fine, but the additional functionality is not working as I would expect, I have issues with 2 functionalities:
1. Based on documentation after activating also the XAL connection the CPS should submit the job on app.server with best performance based on XAL monitoring data filling the TARGET_SERVER parameter.
This functionality is not working for me at all
2. A useful functionality after activating the "App.server load balancing" setting is that the ProcessServer is going to "Overloaded" status when all BGD wp's of SAP system are occupied, thus restricting submitting new jobs during overload situation. But I had an issue also with this functionality, after SAP system recovery from overload situation, the CPS still remained in Overload status (so no new jobs were submitted).
As a workaround I had increased the treshold values for loads on all app.servers for this SAP system, what was fine for several days, but after a while I believe this was a reason of unexpected performance issues in CPS, therefore I have deactivated the 'App.server load balancing" setting at all for this ProcessServer.
I would appreciate your feedbacks with this functionality.
Thanks and Regards,
Ernest LiczkiHi Preetish,
This connect string option is to loadbalance RFC connections. These are balanced upon login, once you are connected to a particular application server (AS) you stay on that server until you reconnect.
Since CPS uses multiple RFC connections, this will result in the connections being distributed over the available AS resources which is fine as long as they are generally evenly loaded. If you have certain AS hosts that are continuosly more loaded than the rest, then you probably don't want the CPS RFC connections to end up on these servers.
The original question is about loadbalancing of batch jobs over the available AS resources, and this is done independent of the RFC connection load balancing. Even if all CPS RFC connections are pinned to the DB/CI host, you can still loadbalance jobs over the available SAP AS hosts, either by using SAPs builtin balancing, or the CPS algorithm by activating the checkbox as indicated in the first entry in this thread.
Finally, to reply to Ernest's question: I believe there are some fixes on the app load balancing in the latest release, M26.17 should be available on the SWDC now.
Regards,
Anton.
Edited by: Anton Goselink on May 29, 2009 9:06 PM -
Cluster/load balance weblogic using L4 switch like Alteon
Can I install weblogic as a standalone server on 2 or more server and
cluster/load balance weblogic using a hardware balancer like Alteon Layer4
switch (of course I will use a centralised storage to maintain a single copy
of data which will eliminate syncronizing problem among servers)?
BTW, Alteon can support persistent binding. The reason to use a Layer 4
switch is that it is very fast, and this will make the application server
layer transparent to client, the client can think this is a single server
(it don't need to know whether there are 5 weblogic servers or 20 weblogic
servers behind switch), and hardware are more reliable, sacalable and fast.
I am not sure whether the normal weblogic clustered servers need to
share/exchange info on the running memory, if it does, this approach will
fail.
So My understanding is:
Alteon with WL 6.0 can do load balancing for:
entity bean
stateless session bean
but can't do load balancing for:
stateful session bean (will persistent/sticky binding solve part of the
problem except fail-over)
in-memory replication
am I right?
Pao Wan
"Don Ferguson" <[email protected]> wrote in message
news:[email protected]...
> It is possible to configure Alteon to understand the WebLogic 6.0 cookie
format
> and have a proxy-less cluster configuration that performs load balancing
and
> fail over of session state.
>
> It is also possible to configure Alteon's hardware-based SSL decryption
for really
> fast HTTPS processing.
>
> We are working on a white paper that describes how to configure Alteon for
use
> with WebLogic Server 6.0.
>
> -Don
>
>
> Robert Patrick wrote:
>
> > Cameron,
> >
> > I believe that BEA tested their new proxy-less web clustering solution
with
> > load-balancing products from Alteon and several other vendors
(Arrowpoint ?--
> > which is now Cisco). However, it was my understanding that these
products do
> > not understand how to decrypt our cookies and extract IP addresses but
rather
> > these products are capable of doing sticky load balancing based on the
Session
> > ID contained in our cookie.
> >
> > If this is correct, then what this means is that when the primary server
fails,
> > the request will be routed to "some other server" in the cluster but not
> > necessarily the one that holds the secondary copy of the user's session.
The
> > change in WLS 6.0 is that WLS will accept these misdirected requests and
it will
> > go out to the correct server and "migrate" the session to the server
that
> > received the request making that server the new primary (and
regenerating the
> > Session ID).
> >
> > I am sure if this is wrong that our product manager or one of our
engineers will
> > correct me (please?)...
> >
> > Hope this helps,
> > Robert
> >
> > Cameron Purdy wrote:
> >
> > > Hi Robert,
> > >
> > > FWIW - There are several vendors (Primeon? Arrowpoint?) who claim to
> > > understand WL cookies and parse the IPs out. (I haven't verified it
myself
> > > though.)
> > >
> > > --
> > > Cameron Purdy
> > > Tangosol, Inc.
> > > http://www.tangosol.com
> > > +1.617.623.5782
> > > WebLogic Consulting Available
> > >
> > > "Robert Patrick" <[email protected]> wrote in message
> > > news:[email protected]...
> > > > There are not any hardware vendors (yet) that can understand
WebLogic's
> > > session
> > > > ID. While you might be able to use the load balancer without the
proxy on
> > > 5.1,
> > > > you would not be able to take advantage of in-memory replication
failover
> > > unless
> > > > you only had two machines in the cluster. Like you said, everything
will
> > > work
> > > > with 6.0 regardless of how the load balancer works (though you
really,
> > > really
> > > > want to minimize the number of times the requests come into the
wrong
> > > server by
> > > > utilizing sticky load balancing).
> > > >
> > > > Hope this helps,
> > > > Robert
> > > >
> > > > Cameron Purdy wrote:
> > > >
> > > > > Rajesh,
> > > > >
> > > > > I meant that it would work in lieu of a proxy (such as Apache or
NES)
> > > with
> > > > > 5.1, but only if both the hw load balancer and WL were set up to
use
> > > > > cookies. Some hw load balancers rely on IP and that doesn't
work -- AOL
> > > > > connections for example can change the source IP on the fly.
Others
> > > produce
> > > > > their own cookies, that will work. Some even can use WL cookies
and
> > > parse
> > > > > them to determine where to go. According to what I've read, with
6.0 if
> > > the
> > > > > WL primary dies or for some other reason the request shows up at
the
> > > "wrong"
> > > > > server, it will be handled correctly. That means you are pretty
safe
> > > with
> > > > > hw load balancers and 6.0, almost regardless of the sticky
> > > implementation
> > > > > that they use.
> > > > >
> > > > > --
> > > > > Cameron Purdy
> > > > > Tangosol, Inc.
> > > > > http://www.tangosol.com
> > > > > +1.617.623.5782
> > > > > WebLogic Consulting Available
> > > > >
> > > > > "Rajesh" <[email protected]> wrote in message
> > > > > news:[email protected]...
> > > > > >
> > > > > > Hi Cameron,
> > > > > > Can you elaborate on how it would work with WL5.1 since no in
memory
> > > > > replication
> > > > > > would happen if the servers are standalone.
> > > > > >
> > > > > > "Cameron Purdy" <[email protected]> wrote:
> > > > > > >Yes, this will work fine with WL6. (WL5.1 will work fine as
long as
> > > > > cookies
> > > > > > >are used by the load balancer.)
> > > > > > >
> > > > > > >--
> > > > > > >Cameron Purdy
> > > > > > >Tangosol, Inc.
> > > > > > >http://www.tangosol.com
> > > > > > >+1.617.623.5782
> > > > > > >WebLogic Consulting Available
> > > > > > >
> > > > > > >
> > > > > > >"paowan" <[email protected]> wrote in message
> > > > > > >news:[email protected]...
> > > > > > >> Can I install weblogic as a standalone server on 2 or more
server
> > > and
> > > > > > >> cluster/load balance weblogic using a hardware balancer like
Alteon
> > > > > Layer4
> > > > > > >> switch (of course I will use a centralised storage to
maintain a
> > > single
> > > > > > >copy
> > > > > > >> of data which will eliminate syncronizing problem among
servers)?
> > > > > > >>
> > > > > > >> BTW, Alteon can support persistent binding. The reason to use
a
> > > Layer
> > > > > > >4
> > > > > > >> switch is that it is very fast, and this will make the
application
> > > > > server
> > > > > > >> layer transparent to client, the client can think this is a
single
> > > > > server
> > > > > > >> (it don't need to know whether there are 5 weblogic servers
or 20
> > > > > weblogic
> > > > > > >> servers behind switch), and hardware are more reliable,
sacalable
> > > and
> > > > > > >fast.
> > > > > > >>
> > > > > > >> I am not sure whether the normal weblogic clustered servers
need to
> > > > > > >> share/exchange info on the running memory, if it does, this
> > > approach
> > > > > will
> > > > > > >> fail.
> > > > > > >>
> > > > > > >>
> > > > > > >
> > > > > > >
> > > > > >
> > > >
>
-
Hi,
I have load balancing between 2 Apps Tier, and all the Users are connected to Node2 only, none of the users are on Node1.
Apps 11i and DB 10.2
Any suggestion please....
Thanks,I have load balancing between 2 Apps Tier, and all the Users are connected to Node2 only, none of the users are on Node1.
Apps 11i and DB 10.2
Any suggestion please....Was this working before? If yes, any changes been done recently?
Please run AutoConfig and bounce the services and see if you can reproduce the issue.
Also, please review (Advanced Configurations and Topologies for Enterprise Deployments of E-Business Suite 11i [ID 217368.1]) and make sure your setup is correct.
If you can access each of the nodes directly (not through the load balancer), then you need to check the configuration of your load balancer -- Implementing Load Balancing On Oracle E-Business Suite - Documentation For Specific Load Balancer Hardware [ID 727171.1]
Thanks,
Hussein -
Can I load a swf into my Flex app that loads other swf's?
The code below loads an AS2 swf into my Flex mobile for IOS app and it works. If that AS2 swf has like a circle in it that runs across the stage, it loads and displays properly when run in FlashBuilder.
<?xml version="1.0" encoding="utf-8"?>
<s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"
xmlns:s="library://ns.adobe.com/flex/spark"
xmlns:mx="library://ns.adobe.com/flex/mx"
initialize="init()">
<fx:Script>
<![CDATA[
import mx.core.UIComponent;
private var request:URLRequest = new URLRequest("http://PATH_TO_AS2_SWF");
private var loader:Loader = new Loader();
private var myComponent:UIComponent = new UIComponent;
private function init():void{
myComponent.percentHeight = 100;
myComponent.percentWidth = 100;
loader.load(request);
myComponent.addChild(loader);
player.addElement(myComponent);
]]>
</fx:Script>
<s:Group id="player"
height="100%" width="100%"/>
</s:Application>
But if that AS2 swf loads other swf's, they don't load or display. My FlashBuilder debugger reports no errors or security sand box violations. I'm using the most elemental code in my AS2 swf so as to not cause problems. This is it in its entirety:
this.onLoad = function(){
_root.loadMovie("http://[PATH_TO_REMOTE_SWF]");
The paths to the remote content are fine because swf's load and display fine from AS2 swf when run on it's own - not embedded in Flex app. They also load and run fine if I cut out the AS2 swf and access directly from my Flex code. So I know there isn't a path issue. More likely not accessing the right layer in the AS2 swf from Flex or something. Or maybe security sandbox violation but I don't see anything reported in the FlashBuilder debug console. When run console just reports:
[SWF] SwfMobile.swf - 2,639,761 bytes after decompression
[SWF] assets/swf/AS2.swf - 1,470 bytes after decompression
Is there something inherently wrong with loading swf's that load other things? Even if I have the AS2 swf load jpgs they don't load so the format of the target content at the end of the chain doesn't seem to be the issue. Just the act of embedding a swf that loads other things seems to be the problem.Ah, yes. Using an AVM1 SWF could prove difficult...
I'm going on about 3 hours of sleep at the moment, but let me toss out a few thoughts I have and hopefully something will stick...
Ok, so my first thought what to try and cast the loaded content as a MovieClip and call methods on that, but the fact they are AVM1 throws that out the window.
That leaves LocalConnection, as you mentioned. But this would require you to have code on the receiving end to handle the connection... no good either.
But what if you created a "bridge" in AS2 that holds all the code for the receiving end of LocalConnection (or has the control logic itself, perhaps even eliminating the need for LocalConnection all together!). I think maybe this is what you were trying to do already by loading a SWF into a SWF? Well instead of loading your bridge at runtime, what if you statically linked it into your project as a class?
*a few moments later*
Well it looks like you can in fact link in a a symbol created for AVM1, but it will only come in as a SpriteAsset, and will not include any custom code (which makes sense, since they use entirely different class constructs).
To do the test, I created a symbol exported for actionscript (AS2/Flash8), then linked it in with a CSS style embed. I then instantiated the class and called describeType on it.
So in summery, it looks like calling custom code on the bridge is out (I did not test this extensively, that was just my first impression with this simple test). However, if you may be able to perform the actions you need by attempting to cast the loaded content into something AVM2 can recognize. Apparently it does this automatically when linked in statically, so maybe there is something there worth looking into... mainly, can you do what you need using only the base class and no custom code?
Keep me posted! -
Load balancing weirdness using NAT and same-metric route
Hi.
I'm trying to set up a double-WAN load-balancing scenario:
I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
=== PING 1 ECHO REQUEST ===
*Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
*Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
*Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
*Mar 3 04:38:43.521: ICMP type=8, code=0
=== PING 1 ECHO REPLY ===
*Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
*Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:45.589: ICMP type=0, code=0
=== (something else) ===
*Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
OLD rdb: via 10.129.124.33, Vlan2
NEW rdb: via 10.129.124.1, Vlan1
=== PING 2 ECHO REQUEST ===
*Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
*Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
*Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
*Mar 3 04:38:52.353: ICMP type=8, code=0
=== PING 2 ECHO REPLY ===
*Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
*Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
*Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:53.033: ICMP type=0, code=0
In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
no ip cef
ip dhcp pool lan-side
import all
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
domain-name doublewan.local
dns-server 8.8.8.8 8.8.4.4
lease infinite
ip domain name doublewan
interface FastEthernet0
!doesn't appear on running-config: vlan 1 is the default access vlan
!switchport access vlan 1
interface FastEthernet1
switchport access vlan 2
interface FastEthernet2
shutdown
interface FastEthernet3
shutdown
interface FastEthernet4
ip address 192.168.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
interface Vlan1
ip address 10.129.124.2 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
interface Vlan2
ip address 10.129.124.35 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache
ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
ip nat inside source route-map nat1 interface Vlan1 overload
ip nat inside source route-map nat2 interface Vlan2 overload
ip access-list standard acl4-nexthop-vlan1
permit 10.129.124.1
ip access-list standard acl4-nexthop-vlan2
permit 10.129.124.33
route-map nat2 permit 10
match ip address 102
match ip next-hop acl4-nexthop-vlan2
match interface Vlan2
route-map nat1 permit 10
match ip address 101
match ip next-hop acl4-nexthop-vlan1
match interface Vlan1
control-plane
Of course, there is some configuration pending for redundancy and stuff.
Thanks a lot in advance.
[1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.htmlHello.
This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing". -
Load Balancing with BigIP / SSL question
I have an oddball question. We're load balancing ColdFusion
MX7 across 3 servers using a BigIP load balancing server. We
decided to go the hardware approach and it has been great except
for one small configuration issue.
We use a mix of SSL and non SSL pages, prior to the switch
from a single server to a load balanced setup I used to script that
would determine if a page that was supposed to be SSL had the
variable CGI.HTTPS turned on or off. If it was off, the page would
redirect back to itself with the SSL turned on.
The problem we have is that we followed BigIP's instruction
to secure the load balancing hardware instead of the three servers
running behind it. So what happens is that the traffic goes to the
load balancer port 441, but then the calls from the load balancer
to the individual servers is port 80. So even if a page is called
as HTTPS://... the coldfusion server says that CGI.HTTPS is "off"
since the traffic is port 80.
This isn't much of a problem, our SSL pages are linked as
HTTPS:// and the only problem would actually arise if someone was
to type in the URL and call it as HTTP rather than HTTPS.
My questions is this, does anyone know of a way that I can
detect if the page should be HTTPS and is not without changing our
configuration and putting SSL certificates on each individual
server?Hey,
Well the load balancing with the BigIP device is really very
amazing. I think
what i liked most was swapping out servers when their lease
was up, through the
BigIP manager I just stopped all traffic to a server, shut it
down, plugged in
the new one and turned traffic back on. It was really very
easy.
The SSL stuff still gives me a headache to think about. but
I should mention I
no longer work where I was, plus now I'm all .net C# but
that's a different
story.
I think if I was going to do this all again I would not have
secured the bigIP
unit. It was nice to buy one SSL cert for all the servers I
attached rather
than one per server, but getting the SSL sites to work
properly was a headache.
We also use windows file replication where now I would go
with like a pair of
Dell MD1000's mirrored for storage and just have tons of ram
and cpu on the
front end units. Depends what you want to spend I guess. I
think the bigIP unit
we bought was like 20 grand, i think they are cheaper now
though.
Hope I helped. -
Load balancing with use of router 881.
Hello,
I have two MPLS line and i want load balancing with the help of CISCO router 881. is it necessary that i require two router on both location.? if one location have firewall and one location have cisco router 881 then can i do a load balancing or i require two router each on both location ? What are the basic requirement that i need.
Thanks,
KuntalDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
An 881 should be able to load share across multiple ports. Many routing protocol support ECMP, including BGP, but you need "special" hidden/secret commands to enable. EIGRP also supports unequal cost load sharing.
If an 881 supports OER or PfR, those too will do unequal load sharing, dynamically. -
ACE: load balancing servers using DMZ ports on FWSM
devices; (2 core with the ff config)
6500
fwsm
idsm
msfc
SETUP;
Servers are connected to the dmzs on the core
REQUIREMENT;
to load balance the servers
QUESTION;
Using the ACE module, is it possibe to load balance the servers which are connected to the port which is configured as DMZ?
Thanksdoes not matter where the servers are connected.
However, be aware that the flows from client to server needs to go through the loadbalancer BUT also the flows server to client.
So, you should be careful where you attach the ACE module.
The easier would be to attach to the DMZ as well between the FW and the servers.
Gilles. -
Load Balancing OBIEE using OC4J
Hi All,
I would like to know if there is a way of load balancing 2 instances of OBIEE using OC4J.
Please advice if possible and the steps required to achieve that.
A small correction ... we have 2 instance of OBIEE and 2 of stand alone of OC4J
Is there any way we can attempt to load balance the two???
Regards,
maabajaber
Edited by: maabajaber on Sep 22, 2010 4:19 AMHi All,
A small correction ... we have 2 instance of OBIEE and 2 of stand alone of OC4J.
I believe OC4J stand alone can do this but i dont know how
Is there any way we can attempt to load balance the two.
Regards,
maabajaber -
EIGRP load balancing when using HSRP on LAN
Hi
I have a question about my topology. I have two routers with EIGRP on both of them connected through 2 ISPs to other site. On those routers i have HSRP runing. Now my question is: HSRP is standby/active protocol so when one router act as active will it send data to other site only through one ISP??? will load balancing work on WAN side? will routers use both ISPs or just one- the one which is active in HSRP when sending data???Hi sotiris_pafitis, may be I didn't understand what you mean but if the idea is to configure one static on each router (pointing it's ISP) and redistribute it in EGRIP, I disagree: is useless because the other router will prefer the static route due to its better administrative distance. Using EIGRP unequal load balancing is useless because it balanced EIGRP path with different metric, not different Administrative distance. Isn't it ?
If you want to use static route simply configure two static route on each router: one though WAN interface and the other through the LAN.
For example:
R1#conf t
ip route 0.0.0.0 0.0.0.0 192.168.13.3
ip route 0.0.0.0 0.0.0.0 192.168.12.2
The result is:
R1#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
Known via "static", distance 1, metric 0, candidate default path
Redistributing via eigrp 100
Advertised by eigrp 100
Routing Descriptor Blocks:
* 192.168.13.3
Route metric is 0, traffic share count is 1
192.168.12.2
Route metric is 0, traffic share count is 1
In any case I think static router is not a good choice: in case of a fault on ISP 1, WAN interface can remain up producing a routing blackhole. If possible it's better to have a dynamic routing protocol between router and ISP, receving the default route and changing delay on interf to have the same metric for both the path
Bye,
enrico -
Load-balance / autofailover using 2 ISPs
Good morning.
we have a T1 installed at our site and recently purchased a broadband connection from a different ISP. Our plan is to utilize both ISPs to Load-balance our Internet and setup auto-failover in case either one fails. We run exchange 2007 and host an ASP application so we can't afford to have our Internet disrupted.
currently we have a 1841 cisco router for the T1 and we're trying to figure-out if we need to purchase an ASA Firewall to setup the auto fail-over / load balance system.
Can you tell me which is the best way to do this and what equipment / model of cisco routers/ Firewalls do you recommend to implement this?
Thanks,
CollinHi Collin -- We appreciate your post but, as this pertains to ISR 1841, think you'd be better served in the Cisco NetPro Forums.
Here's the link:http://forums.cisco.com/eforum/servlet/NetProf;jsessionid=37FE634C9B9344028C695A694C4E3971.SJ2A?page=netprof&forum=Small%20and%20Medium%20Business&topic=Technologies%20for%20Small%20Medium%20Businesses&CommCmd=MB%3Fcmd%3Ddisplay_messages%26mode%3Dnew%26location%3D.1ddbf5a7.
Thanks,
Stephanie -
Is it possible to set up OS X Server Mail to use SSL?
Like it says.... I'd like to be able to set up my main clients to connect to OS X Server's mail server with SSL. I've run into a few rumblings in Server about SSL and certificates; I haven't installed a certificate at this point, but I don't see any place where I'd be able to install a cert if I had one. Any thoughts out there?
Jim,
In Server App, click on your server under Hardware in the sidebar > Settings > SSL Certificate, click Edit.
If you've not installed an SSL certificate yet, you should see a self signed certificate using the hostname of your server. You can choose to use the certificate for all of your services, or use custom settings to choose which services will use SSL. As an example, you may wish to not use SSL on for your web server, depending on your needs.
In order to deliver mail to your users and in order for your server to communicate reliably with other SMTP servers, you'll need a valid, signed certificate installed.
We use GoDaddy for our SSL needs, and I'd recommend using them.
In order to get SSL up and running, here's what you'll need to do:
Purchase an SSL certificate - you'll need something called a CSR, which is text pasted from your server.
Generate a CSR in order to replace the self-signed certificate you have with a valid SSL certificate. In order to do this, go to Server App > Hardware > Your server > Settings > Edit SSL settings > Manage Certificates from the popup menu with the gear icon > click on your certificate > Generate CSR from the popup with the gear icon.
Copy the CSR text
Using your SSL provider's web site, paste the CSR text into the appropriate field when you're requesting the SSL certificate. The CSR should spit out a certificate with the appropriate hostname of your server.
Your certificate will be issued once you confirm it with an email link that should come from the SSL provider.
With an approved certificate, you need to download it. If you're using GoDaddy, slect OS X Server 10.6 as the format for the downloaded certificate.
When you get your certificate downloaded, take the signing authority certificate (not the one that has your hostname as the file name) and get ready to drop it into the Keychain app
Open the Keychain app and unlock.
Click on System in the sidebar and then Certificates.
Drag the signing authority certificate to your Keychain
using the Server App > Hardware > Your server > Settings > Edit SSL settings > Manage Certificates from the popup menu with the gear icon > click on your certificate > Replace Certificate with Signed or Renewed Certificate
Drag your certificate (the one that has your hostname as the file name) to the popup in Server App.
Apply the certificate and that should be good.
Restart for good measure.
Hope this helps. If you've got questions, post them and I'll see if I can help.
Chris
Maybe you are looking for
-
How is the best way to install the latest version of Crystal Reports 2008
I have been downloading for hours all the service packs, hot fixes, fix packs and chasing my tail for way too long on this. I keep getting errors about a file being out of sequence.... I assume there is a very loooooong list of fixpacks that need to
-
After updating iphone 3gs to ios 5 music and photos will not sync
updated to IOS 5 and now the phone will not sync music and photos, updated itunes, phone shows "no content"
-
Automatic Creation of Settlement Rule for Maintenance Order
Hi, While doing TECO for Maintenance Order, its asking for Settlement Rule. IF I click settlement rule, message is coming as Maintain Settlement Profile with options like With Default, Without Default & Cancel. I have maintained the Cost center in Eq
-
1065 Error: MouseCursor is not defined
I'm getting this error but only in IE9. The flash file works fine in all other browsers including IE7. Here is the webpage: www.webdevpractice.com/genoptix I needed to change the speed of the transitions and link each of the 3 images and make them cl
-
DOWNLOAD CRYSTAL REPORTS FOR ECLIPSE 1.0.8 not compatible with java 1.4
Hi, I understand that this plugin requires java 1.5. However, due to my company's existing infrastructure, I have to use java 1.4 for my web applications. May I know if there is a older version of the CRYSTAL REPORTS FOR ECLIPSE compatible with java