Teodor Dodita
on
•
25 mins
Always On VPN (AOVPN) provides a seamless always-on connection that boosts security and the user experience.
The WAF addresses the OWASP Top 10 vulnerabilities and is very quick and simple to deploy.
Nutanix offers a hyper-converged infrastructure (HCI) platform that integrates virtualization, computing, networking, storage, and security resources into a single system.
L3 DSR is an alternative technique to achieve direct server return at Layer 3. Instead of using an IPIP tunnel like LVS-TUN it changes the destination IP address like LVS-NAT when sending the traffic to the real server.
You can check directly what customers having been telling Gartner about Loadbalancer.org, JetNexus, Barracuda Networks and Kemp Technologies on the new Peer Insights platform.
LVS-DR and LVS-TUN are both forms of Direct Server Return where the load balancer only has to deal with one half of the connection.
Automation is very important for many organisations, which is why it's one of the core features of our upcoming V9 release.
Security through obscurity is not a great idea when it is your ONLY protection technique. For example moving your SSH port from 22 -> 23 won't fool any hackers for long! However, I've always liked putting a 'double login' in front of important web sites to frustrate simple automated hacking tools.
Open standards are awesome, and the File Transfer Protocol FTP (inspite of its flaws) has been in constant use for an amazing 40 years! FTP can be a pain to run over firewalls and load balancers, so this blog explains how to configure Microsoft FTP and HAProxy.
Using client certificates for security is a pretty cool idea! You can protect an entire application or even just a specific Uniform Resource Identifier (URI) to only those that provide a valid client certificate.
We thought it was important to have a specific health check built into our appliance for the commonly used DICOM protocol (Digital Imaging and Communications in Medicine).
SSL offload is handled by STunnel, while HAProxy handles back-end server re-encryption.
Different vendors have widely different opinions on which method should be used to deploy web filters or SWGs. Historically, vendors struggled to implement authentication in Transparent mode, and maybe they remember some awkward conversations with customers that chose the wrong method.
For several years, if an instance was launched in AWS and during the initial configuration an IAM role was not defined, the only option available was to stop/terminate the instance and launch another, however, this has now changed!
The appliance works quite nicely in a oVirt environment and should work just as well with a full Red Hat’s Enterprise Virtualization environment (RHEV)!
Follow the instructions below to install and configure the external health check, and once you've completed the steps you can use the health check for either layer 4 (LVS) or layer 7 (HAproxy) clusters.
Let’s Encrypt offers us a free way to get SSL certificates with the aim of being less complex than other current solutions.
HAProxy is an excellent choice if you need layer 7 functionality, but its a full reverse-proxy, so the application thinks that all of the traffic is coming from HAProxys IP - rather than the clients.
We can write custom health checks specific to your environment checking availability of servers as well as other backend systems such as REST servers, databases and storage.
So, you've configured two Loadbalancer.org appliances as a clustered pair for high availability, the pair has been working fine but then one day you receive an email alert that one of the pair has failed for some reason.
The Loadbalancer.org for AWS appliance will monitor auto scaling groups, update configs based on auto scaling events and add/remove servers.
Once HAProxy is running transparently, it will allow the real server to see the client IP so the real server will reply directly back to the client bypassing the load balancer.
Using the flexibility of both AWS and our Enterprise AWS appliance, it's possible to configure a secure and robust load balanced Remote Desktop Services deployment to suit a range of requirements.
Policy Based Routing is a clever way to give us more control over which routing path connections will take. It allows us to specify custom routing tables and then add rules offering fine grained control over which routing table a connection will use.
Anomaly score based blocking is more flexible and effective than simple first error blocking.
One of our favorite methods of load balancing is using Layer 4 DR because it is transparent and fast. Unfortunately, because of Amazon's infrastructure, this is not possible in EC2 so we need to use another method which means we are left with layer 4 NAT and transparent HAproxy using TProxy.