Terminate SSL on Cisco Load Balancer

Similar Messages

• How to configure SSL on Cisco Load Balancer

  I want to configure SSL termination on cisco LB. i just want to know is there any license required for this deployment ? please share me some configuration steps to deploy the SSL.
  Thanks
  Irfan Hussain

  Check the following basic ssl config
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Configuration_Examples_--_SSL_Configuration_Examples
  I think you do get a little of ssl resource without a license.
  Gilles.

• CISCO Load Balancer with SAP on Unix and Oracle

  Hello Experts,
  Explain me the steps How CISCO Load balancing Mechanism works with SAP Enterprise Portal?
  If anyone implemented and achieved the same,please explain me the steps to follow from Initial Stage to end of implementation.
  Or If you have any documentation on this just share with me or point me to the particular link.
  I have seen the below SAP help which is somewhat helpful.
  http://help.sap.com/saphelp_nw04s/helpdata/en/d3/e12840d89d185de10000000a1550b0/frameset.htm
  I would like to know how CISCO will connect to M/essage Server /Java Dispatcher.
  And explain me the steps to follow to implement External Facing Portal using Cisco Loadbalancer.
  This should be achieved in Unix environment.
  Any help would be greatly appreciated.
  Regards,
  Karthick Eswaran
  *Points will be rewarded for helpful suggestions

  We use F5 for loadbalancing, but all hardware loadbalancing solutions should similar. They offer multiple algorithms, we use simple round robin (SAP's webdispatcher has better options for load balancing). You create virtual IP to your CISCO loadbalancer. You then configure Cisco to route traffic to each portal application server. If you have CI + 2 appservers, you configure the loadbalancer to send traffic to cihost:port, appserver1:port, appserver2:port. You also create a DNS alias to the virtual IP of the loadbalancer. End users will use the DNS alias to connect your portal. Typically you use standard ports (80 & 443) on Cisco, so that end user URL does not contain any ports (so http traffic goes to port 80, https goes to port 443). You also need to enable cookie persistence on the load balancer for session persistence.
  For external facing portal, you need to have your loadbalancer in DMZ and you want to use SSL. You also need to setup firewall rules for your portal and backend servers.
  -RK

• Iview contents missing when using FQDN Cisco Load Balancer

  Hello Experts,
  We are using Cisco load balancer to distribute the load across the portal servers. Everything was working fine, but after upgrades to the latest support package stack SP18, we ran into some odd behavior. Some of the contents on the iview are blank when using FQDN load balancer URL e.g. http://sap1234.corp.com/irj/portal .  But those blank contents does show up if we donu2019t use FQDN e.g. http://sap1234./irj/portal .  At this point we are not sure where to start troubleshooting?
  Any helps would be appreciated,
  Dave
  Edited by: davidn on Feb 27, 2009 11:50 AM

  Isn't this the same as your other post? I'm locking this one...

• Cisco load balancer?

  Just curious if anybody has tried using a Cisco load balancer with Directory Server (5.x.) Specifically:
  http://www.cisco.com/warp/public/cc/pd/si/11000/prodlit/cs105_ds.htm
  (They start out talking about web, but if you look further down you'll see they also support LDAP.)
  Here's my thought: get two 5.x servers in multi-master configuration behind one of these Cisco products. That way applications that like to cache DNS info on the LDAP server they should be using won't get confused if one of the hosts is taken down for upgrades/whatever. Thoughts?
  I guess the other way to handle this would be to run Sun Cluster + necessary stuff for LDAP. Any unbiased opinions as to which approach might be better? ;-)

  Or use the Directory Proxy (aka iDAR)...
  We have customers using the Cisco load balancer with Directory server 5. Others are using iDAR, others use Sun Cluster... Can't tell which approach is better.
  The only issue I forsee with a load balancer in front of 2 masters, is that it may increase the risks of conflicts if the servers are not fully synchronized (such as under heavy load).
  Regards,
  Ludovic.

• Cisco Load balancer and Web Dispatcher to the same portal

  Hello Experts,
  We have implemented intranet portal with Cisco as the load balancer. Now we need to expose this intranet to the outside world as an extranet portal. So the same portal will be accessed from both intranet and from outside. We are thinking of installing a web dispatcher in the DMZ so that outside users can access the Web Dispatcher URL to access the intranet portal. In effect intranet users will use load balancer and extranet users will use Web Dispatcher to access the same portal. Now my question is if we configure Load Balancer and Web Dispatcher to the same portal, will the portal be able to load balance properly? Is this the right approach?
  Thank You,
  mansooralip1

  Dear Andrew,
  We need to provide access to our intranet to some outside companies for them to also use some of our portal applications. As per your answer, I understand that I can configure Web Disptacher to talk to the Cisco Load Balancer of our portal. In this case Web Dispatcher will work just as a reverse proxy. But when I discussed this with one of our basis resource, he told me that when we install and configure Web Dispatcher, it always ask for the Message Server URL and Port number, even if I just want to use Web Dispatcher as a Reverse Proxy. If his concerns are valid, I do not think I will be able to configure Web Dispatcher to access the cisco Load Balancer because I cannot put Cisco load banacer URL and port instead of the Message Server URL and Post Number. Can you kindly share your comment on the same?
  Now the second part of my question, if Web Dispatcher cannot be configured to talk to Load Balancer(as mentioned by our basis resource), I will have to use two load balancers. One web Dispatcher in DMZ as a Load Balancer *** Reverse Proxy for the external users. Second the internal Cisco Load Balancer for the intranet users. So the same portal will be accessed by two load balancers. My question here is, in this set up, can the portal work efficieintly here by distributing equal loads two both the server instances?
  Thank You,
  mansooralip1

• Configuring customized ldap ports on cisco load balancer

  Hi,
  I have configured ldap on a different ports than the 389 and 636.  How do I configure this port to be allowed on the Cisco load balancer.  I'm a newbie to cisco load balancer.  Is there any specific configuration to be followed to set the customized port on the load balancer ?
  Any help is appreciated.
  Thanks in advance

  Hi,
  By default, ACE denies all traffic coming to an interface and you need to define ACL's to allow traffic. You can define an extended ACL to allow the traffic from IP's, TCP/UDP ports etc. Please visit the below for details about ACL configuration on ACE.
  http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/securgd/acl.html#wp1018359
  Also, pasting another link for basic TS related to ACE.
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Troubleshooting_Guide_--_Troubleshooting_Access_Control_Lists
  Regards,
  Kanwal

• What SSL accelerator and load-balancer does anyone recommend?

  Hi:
  I wanted to find out:
  Does anyone recommend SSL accelerator cards/boards or SSL accelerator appliances?
  What SSL accelerator and load balancer does aynone recommend to help 9iAS?

  Ana_Alm wrote:
  Hi there!
  I just downloaded and installed OS X Lion, and I'm loving it so far.
  However, I've seen that Mountain Lion will have some new features when it comes to social apps (what I call the ones that combine twitter, facebook, rss readers and so on).
  So, does anyone knows any cools apps for that? I'm currently using Socialite, that combines all those three, but it has a few issues I don't particularly like. Plus, I'm using Adium for a msn client. I'm also thinking about downloading that beta version of "Messages" that will be realeased on Mountain Lion.
  So, what do you think? Give me your ideas
  Thanks a lot in advance!
  As Mountain Lion has not been released to the public yet, then most of us have no idea which companies have updated the development of their Apps for  ML. It is in Development phase so any App you try is at your own risk.
  Good Luck
  Pete

• CISCO Load Balancing Mechanism with SAP

  Hello Experts,
  Explain me the steps How CISCO Load balancing Mechanism works with SAP Enterprise Portal?
  If anyone implemented and achieved the same,please explain me the steps to follow from Initial Stage to end of implementation.
  Or If you have any documentation on this just share with me to my google id kekarthick or point me to the particular link.
  I have seen the below SAP help which is somewhat helpful.
  http://help.sap.com/saphelp_nw04s/helpdata/en/d3/e12840d89d185de10000000a1550b0/frameset.htm
  I would like to know how CISCO will connect to Java Dispatcher.
  And explain me the steps to follow to implement External Facing Portal using Cisco Loadbalancer.
  This should be achieved in Unix and Windows 2003 environment.
  Any idea?
  Regards,
  Karthick Eswaran
  Edited by: Karthick Eswaran on May 21, 2008 12:40 AM

  Hello Karthick,
  let's say you have 2 servers for your portal:
  host1 -> e.g. DB, SCS + CI --> http://host1.my.company:50000/irj/portal
  host2 -> DI --> http://host2.my.company:50000/irj/portal
  Now you can implement an CISCO hardware load balancer. You have to connect it to your network and reserve one port and another ip adress of it for the portal.
  After that you have to add the ip adress of the both servers (host1+host2) to this port, so that the CISCO load balancer knows to which servers it has to forward the incoming connections.
  If you use DNS in your company you can now map a more user-friendly name to the CISCO port (e.g. http://portal.my.company:50000/irj/portal) and distribute this link to the users of the portal.
  When they connect to the portal via this link the CISCO load balancer will forward the request to one of the configured servers (host1 or host2) depending which one is online and/or the load of them.
  I hope I understood your question right and my answer helps a little.
  Regards,
  Norman Schröder

• WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS

  Hi,
  I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http. 
  When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl. 
  What change should I make so that WSDL url will have https instead of http ? 
  This is service side configuration.
  <system.serviceModel>
      <services>
        <service name="Service.IService">
          <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
        </service>
      </services>
      <bindings>
        <basicHttpBinding />
      </bindings>
      <client />
      <behaviors>
        <serviceBehaviors>
          <behavior>
            <serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
            <serviceMetadata httpGetEnabled="true" />
            <serviceDebug includeExceptionDetailInFaults="true" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
      <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
  Thanks in advance !!

  Hi,
  For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
  <behaviors>
  <serviceBehaviors>
  <behavior
  name="MyServiceTypeBehaviors"
  >
  <serviceMetadata
  httpGetEnabled="true"
  />
       </behavior>
  </serviceBehaviors>
  </behaviors>
  For more information, you could refer to:
  http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
  http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
  Regards

• Which trxn for Support staff to terminate users in a Load Balance system

  We have trxn sm04, but it will only provide users that are logged into the system that you have been sent to in a load balance environment.
  I was also considering al08, but that does not allow support staff to terminate users.
  Is there another trxn?
  Please advise, we want to determine a strategy for the support staff before we roll out load balancing to all SAP users
  B.Regards,
  Maria

  >
  nirmal konchada wrote:
  > Hi,
  >
  > In ST03 ransaction you have something called as transaction list, there you can find your transaction and after double clicking it you can find the list of users working on that transaction.
  >
  > Once the list is clear you can disconnect the user through SM51.
  >
  >
  > Regards,
  > Nirmal.K
  Thank you for the advise.  However I cannot locate in transaction ST03 the information you indicated.  Also, your directions are confusing to me.
  Maria

• NW04 Portal and Cisco Load balancer

  Hi everybody,
  does anyone have a similar landscape as I have?
  Reverse Proxy - Cisco Content Switch Module for Load Balancing - two NW04 Portal Servers.
  How did you configure the stickyness / Load balancing mechanism on the load balancer in order to get it running?
  Cheers
  Jochen

  Hi,
  Web AS Java issues a cookie called saplb.
  You can check its value by connecting to the portal and then launching the command
  "javascript:alert(document.cookie)"
  within the browser. You will get a cookie value like
  saplb_*=(J2EE6202500)6202551          
  The value in brackets determines the Instance; the second number equals the actual ClusterID (can also be found in the VisualAdmin. Usually 50 indicates the 1st server node, 51 the second one etc.
  The saplb_*-cookie can be checked by the cisco see Cisco-Link above. Just configure the Cisco to be sticky on the  instance number (value in the first brackets, in the example 6202500).
  Several Customers do it like this, and actually the SAP Webdispatcher is also using this cookie to determine the instance to distribute the request to.
  Good luck Bernhard

• Cisco load balancer with Real to VIP mapping ?

  Hi ,
  brief about the setup -
  Client IP x  - Virtual server IP y = Real server IP's A , B ,C 
  I know that by SLB we can map traffic originating from Client IP x to VIP y towards any of real server IP's (A,B,C).
  I want to know how we can map traffic originating from Real server IP's(A,B,C) so that when it reaches Client IP x the source IP should be VIP y.  
  Please can some body help with this query !!!!

  If the real server's default gateway is to the load balancer, whatever that object may be, you could be able to source NAT to the VIP address.  With real load balancer I.e. F5's / ACE / netscaler, it's very easy to manipulate the packets and traffic flow

• SSL Cetificate and F5 load balancer.

  Hi All,
  I need to created SSL certificate to enable SSL on the HTTP server can you please give me the steps for that also i need to configure SSL on the load balancer how would i do that, i will be thankful if anybody can provide me detail steps, thanks in advance.
  Thanks,
  Virendra

  Hi,
  What is the application release?
  For SSL, please see these documents.
  Note: 123718.1 - 11i: A Guide to Understanding and Implementing SSL for Oracle Applications
  Note: 300969.1 - Troubleshooting SSL with Oracle Applications 11i'
  Note: 376700.1 - Enabling SSL in Release 12
  For Load Balancing, please refer to:
  Note: 380489.1 - Using Load-Balancers with Oracle E-Business Suite Release 12
  Note: 727171.1 - Implementing Load Balancing On Oracle E-Business Suite - Documentation For Specific Load Balancer Hardware
  Note: 601694.1 - How To Check Session Persistence On BigIP F5 And Cisco Ace Load Balancer Appliances
  Note: 603325.1 - Using Cisco ACE Series Application Control Engine with Oracle E-Business Suite Release 12
  Regards,
  Hussein

• Load Balancer and SSL

  What is the correct/recommended way to configure ssl through the load balancer with the DS or DPS? I see 3 options:
  1. SSL termination at the load balancer level
  2. using wildcard certs
  3. specifying the subjectAlternativeName in the cert.
  I am currently looking at using 2 or 3 and have some questions. 2 seems like the best option and makes it more seemless to applications if you bring in an additional backend server, then you dont need to load any other certs for any applications.
  For option 3 how can you specify the subjectAlternativeName when generating a CSR? I dont see anyway of doing that except mentioned here . I see in the Access Manager [docs |http://docs.sun.com/app/docs/doc/819-5899/gcdvv?l=ru&a=view] to specify the Subject DN as the load balancer name. Will this work correctly without have the subject DN as the FQDN of the DS/DPS?

  I'm not sure your 3 options are mutually exclusive. We're going to be doing a combination of 1 and 2. We're going to purchase a wildcard certificate and put it on our load balancer. The SSL traffic will terminate at the load balancer and go straight LDAP from the load balancer to the DS host.