Server Load Balancing, Content Switching and SSL Acceleration - FAQs for the LoadMaster and SSL-Master products

All KEMP LoadMaster products include 1st year hardware maintenance and support services.

What is load balancing?

Load balancing is a technique, which distributes IP-based queries from the Internet or Intranet throughout a server farm using various methods. The administrator can adapt these methods (scheduling rules) to specific requirements.

What is the purpose of SME load balancing?

Small, medium enterprises (SME) are making increasing use of the e-commerce opportunities offered by the Internet. SME�s can use the web to present themselves and their products. Companies can place information on their Intranet which is then accessed thousands of times a day. The SME can empower their customer to purchase their products online.

The same requirements apply to all companies, regardless of their size:
> The site must be available all the time, 7X24
> The pages must be easy to access at all times
> Access speed must be very good

A more efficient server or improved network hardware alone cannot meet all of these requirements, since it can only improve on the performance.

High-availability (= 99.999% uptime). To attain this level of availability two or more servers must be used. These mirrored servers must then be load balanced for automatic failover and detection of poor application performance in any of the online servers. If one mirror server fails, another mirror server takes over automatically. The balancer knows the extent of the load on the servers and can therefore direct queries in the best possible way.

What methods are used for load balancing?

There are several methods of balancing loads:

Round robin - The incoming users are distributed, in turn, across the available servers. If this method is selected, all the servers should have the same capacity and be provided with identical applications. Subject to this precondition, the round robin system is a simple, effective method of distribution.

If the servers have different capacities, the use of round robin can mean that a less powerful server receives the next inquiry even though it has not yet been able to process the current one.

Weighted round robin - The administrator simply defines the capacities of the servers available by weighting the servers. The most efficient server, for example, is given the weighting of 100, while a less powerful server is weighted at 33. The result is that Server A, the more efficient server, would always receive two inquiries consecutively before Server B receives its first request.

Least connections - Requests are distributed on the basis of the connections that every server is currently maintaining. The server with the lowest number of connections automatically receives the next request.

Weighted least connection - This is the best method of distribution in general. The number of connections in combination with the various weights defined by the administrator generally provides a very balanced utilization of all available servers.

Adaptive Balancing - The LoadMaster takes this a step further. The LoadMaster contains an adaptive logic which checks the state of the servers at regular intervals and independently of the configured weighting. If excessive overloading of the server occurs, the weighting is automatically adjusted transparently.

Which server protocols are supported by the LoadMaster?

The LoadMaster supports all TCP/UDP based services including HTTP, FTP, TCP, UDP, SMTP, POP3, LDAP, SSL and more.

How does the Load Master provide maximum server level performance?

The reliability, i.e. safety against failure, of the LoadMaster is provided on three levels:

I. The operating system and software level
The Load Master is based on Linux that has been adopted to help with your server farm. In recent years, Linux has proved to be an extremely stable and efficient operating system, especially for network-based applications.

II. Hardware level
Powerful, state of the art communications appliance platforms, meeting the most stringent requirements are used. Compact Flash Card technology is used for system OS, further optimizing performance, reliability and MTBF.

III. Active/Stand-by Redundant Configuration
Redundant LoadMasters monitor each others health status. If one LoadMaster should fail (doubtful) the other one takes over without missing a beat (bit).

How easy is KEMP’s Load Master to configure?

Take your choice. If you like command line interfaces, the LoadMaster’s Cisco IOS like interface will present a familiar look. However if you like graphic user interfaces (GUI) LoadMaster’s intuitive. Web-based GUI (WUI) is very easy to learn and work with. You should know what a network is, but you won’t have to be able to design a rocket. The LoadMaster’s wizards do a lot of the work for you. Access to the WUI is, of course, available from the browser via a secure SSL session.

This sounds great, but what is my Total Cost of Ownership (TCO) going to be?

An SME’s budget is austere. The LoadMaster begins with the lowest priced, full-featured load balancer on the market today.

The standard price includes the first year of support (software updates, 24-hour hardware replacement and 8X5 telephone support).

Learning to install and manage the LoadMaster is made easy with its simplified Web User Interface (WUI). In addition, each unit comes with a CD containing all the manuals.

KEMP’s experienced support staff has been providing our customers with support for load balancing products for over three years now. Call them just to say how much you love the LoadMaster. Otherwise they get a little bored since they rarely fail and are so easy to work with.

Does the Web User Interface (WUI) have to be installed on a computer that is in the same (sub) network as the LoadMaster or the real servers?

No. Just use any web browser, anywhere in the world. It is secured with SSL.

How do I obtain the necessary license keys?

The first time you set up the LoadMaster (in "initial setup"), you will be given an access code. You can then use this code to obtain your license key from KEMP Technologies.

Why would I want to use LoadMaster to secure my e-commerce web site?

There are several reasons for using the LoadMaster as an SSL accelerator and a load balancer. SSL efficiency is one of the most important. By moving SSL off your servers and using LoadMaster will:
· Significantly improve the performance of your e-Commerce servers by off-loading the SSL processing to the LoadMaster. SSL places 35-55% overhead on your server.
· Moving this function to the LoadMaster Appliance also has the added benefit of centralizing the management of your public key certificates.
· Reduce the cost and hassle of installing additional hardware or software on each of your servers for your secure transactions.
· Reduce the cost and hassle of installing additional servers as a result of the excessive SSL overhead.
· Provide persistence with cookies, instead of the inconsistent SSL Session-ID.

Do I need to make any changes to my Web server application?

There are no changes needed to your existing web application for this to work. In fact, by offloading this computational intensive process from your servers you should experience better overall performance from your Web servers.

Do I lose any LoadMaster functionality by using SSL?

The LoadMaster Appliance is a scalable platform. Using the SSL Proxy in the LoadMaster enhances the functionality by providing a high availability intelligent load balancing platform for your secure transactions.

We have an application that requires persistence using cookies. Can this solution support this type of configuration?

LoadMaster provides several persistence methods. Because there is no lost functionality when using the SSL Proxy functionality with a LoadMaster Appliance, your current applications are supported. Also, the LoadMaster enhances this functionality by making LoadMaster the proxy for your SSL traffic.

How does this solution save me money?

· Fewer certificates to purchase and administer and
· If SSL is consuming more than 35% of your server’s CPU, using the LoadMaster solution nets you the equivalent of an additional server for every three servers in use

That sounds good but how does it work?

As a request comes into the LoadMaster, LoadMaster reads the request and makes an intelligent decision on where to send the request. This decision is based on server availability, load balancing method selected, and the type of information being requested. The type of information being requested can be determined by reading the HTTP header. If the request is encrypted using SSL, such as a typical shopping cart application, LoadMaster can't read the header or cookie and therefore can't use this highly selective load balancing mode. The LoadMaster decrypts the SSL request and uses the HTTP header and cookie information to make intelligent decisions.

What are public key certificates and how does LoadMaster help me manage them?

Every solution that provides the encryption and decryption of SSL sessions require public key or certificates. There are many vendors that provide these keys for a fee. Every web server that has an SSL solution requires separate keys and management of those keys on every server. If you are already using an SSL product on your web server you know how to get the keys you need. LoadMaster consolidates the management of those on to a single server. In addition, most other solutions only support a cryptic command line interface for the management of those keys. LoadMaster uses a web interface for the primary functions of managing the certificates.

Can I use the same SSL certificate on 2 LoadMasters?

LoadMaster runs “Active-Standby” and therefore only one certificate per domain is required.

How many certificates can LoadMaster manage with SSL Acceleration support?

256 certificates.

Is there a minimum CPU requirement for LoadMaster?

The LoadMaster utilizes high performance Intel CPUs which easily meet KEMP’s SSL performance specifications.

Does failover between LoadMasters still work?

SSL sessions work in a stateless mode. This means that the connection from the client to the server is a series of small conversations that are unrelated. LoadMaster does provide persistence, which is critical in e-commerce transaction oriented applications. In the unlikely even that the active LoadMaster fails, the SSL sessions will need to be restarted by the browser. This is actually a security function of SSL. Due to the stateless nature of the Internet, SSL sessions left open could create holes in your security.

What happens with my existing SSL certificates?

For Unix systems you can probably migrate a certificate, depending on the certificate authority, to LoadMaster. With NT systems a new certificate must be requested from your certificate authority.

What happens if there is too much SSL traffic for LoadMaster to handle?

LoadMaster can accommodate a wide range of transactions per second. It is unlikely that your SSL traffic will exceed the capacity.

LoadMaster will recover without dropping connections. If LoadMaster exceeds its maximum specified performance ratings it will slow down some in order to spend time handling the new connections until the "backlogged" connections are cleared.

Do I need more memory in my LoadMaster?

Only in some cases will the LoadMaster require additional memory on the LoadMaster Appliance. For example if the concurrent connections approached 4K an additional 512Mb DDR may be helpful to sustain performance. KEMP Technologies can assist you in customizing the optimal memory configuration for your unique Internet traffic management needs.