Kemp products optimize web and application infrastructure as defined by high-availability, high-performance, flexible scalability, security and ease of management. Kemp products maximize the total cost-of-ownership for web infrastructure, while enabling flexible and comprehensive deployment options.
Only the bal user or users with 'All Permissions' set can use this functionality. Users with different permissions can view the screen but all buttons and input fields are greyed out. Read full article
A reverse proxy is a network service that is designed to receive and handle access requests to backend application and web servers. These requests are predominantly from client devices, but can also be from other servers and services on the network.
To disable a real server perform the following. 1. Go to real Servers.
L7 Connection Drain Time impacts only new connections. Existing connections will continue relaying application data to a disabled server until that connection is terminated, unless the Drop at Drain Time End checkbox is selected.
Load master supports Radius (Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management of network devices). To add radius server to the load master.
To control remote access to the load master using the SSH protocol. SSH or Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers
How to enable L7 transparency so real servers can sees all the client IP addresses in their logs. To enable L7 transparency Select Virtual Service and go to View/Modify Service Select Modify on Virtual services and go to standard options Select enable on L7 transparency For L7 transparency to work, Clients IP addresses needs to be on a different IP subnet compared to the real servers.
Some customers need to add extra ports under their virtual services for example for MS Exchange MAPI services. With this feature the virtual service will listen to these extra ports under this virtual service ensuring persistency across all ports.
You can enable a port 80 redirect for a HTTPS virtual service.
To enable SNMP or Simple network management protocol which can be used to monitor the load master unit e.g. CPU load and statistics on the load master.
There are two deployment options, One-Arm and Two-Arm, the distinction is made on a per virtual service basis, the Loadmaster can house a combination of One-Arm and Two-Arm Virtual Services. In fact the Loadmaster can have a Virtual Service that is configured in both methods. One-Arm Deployment
You can certainly add extra ports for a given Layer 7 Virtual Service on your LoadMaster. This option is not available for Layer 4 Virtual Services.
The IPS feature is only for http traffic, Kemp have a custom built engine for running SNORT rules. please visit www.snort.org for more information where you can download their latest free SNORT rule set or subscribe for the most up to date SNORT rules.
The Kemp Loadmaster uses 802.1Q for VLAN Trunking which is the industry standard for VLAN trunking. VLAN trunking is also supported on bonded interfaces.
You can setup up to: 256 Virtual Services and 1000 Real Servers on the LoadMaster 2200 500 Virtual Services and 1000 Real Servers with the LoadMaster 2600 1000 Virtual Services and 1000 Real Servers for the LoadMaster 3600 and 5300
Processing of SSL demanding applications is extremely computer intensive and can be very costly. Kemp provides a special built-in ASIC SSL card on the 2600, 3600 and 5300 Loadmasters to handle SSL Transactions efficiently.
LoadMaster currently supports key sizes higher than 2048 bit, however increasing the key size reduces the SSL TPS performance non-linearly, so performance with a 4096 bit key will drop substantially (by at least a power of four) compared to a 2048 bit key. In order to achieve the same performance with larger keys, more powerful hardware will be needed.
A LoadMaster can be reset to factory default values by navigating to System Configuration > System Administration > System Reboot and selecting the button for ‘Reset Machine.’ Alternately, it can be done via the console or SSH navigating to: 7) Utilities -> 1) Software Upgrade -> 3) Reset to Factory Defaults Either way will reset the device to a default state. The only exceptions to this are passwords and licensing
Creating VLANs on eth0 can prove challenging. Since VLANs can only be created via the web interface, it is tantamount to success that access to the web interface not be disrupted. To this end, the web interface will need to be temporarily moved to a different interface.
We recommend restoring “VS Configuration” only when restoring from a backup of a different model or version. This avoids any unnecessary complexity when dealing with different version details or different interface details.
The LoadMaster has the ability to bond its interfaces together to provide for additional throughput as well as redundancy. LoadMaster supports two styles of bonding: 802.3ad and Active-Backup. To configure an interface for use with bonding:
If you wish to change the interface associated with WUI access, navigate your WUI to System Configuration > Misc. Options > Remote Access. The option "Allow Web Administrative Access" has a drop down menu that will allow you to determine which interface to switch WUI access to.
No, you cannot do this. All interfaces configured on the LM must be on different subnets. Each of the LM interfaces are router interfaces and not switch ports so each interface configured must be in a different subnet to each other.
In order for non-local real servers to work, transparency must be disabled for that virtual service. All balanced traffic must return through the Load Master, non-transparency forces this to occur. Please note that the performance of the traffic will depend on the connection to the real servers as the traffic will be traveling back out of the local network.
In the LM WUI. Click on the System Configuration > Miscellaneous Options > Remote Access option. Enable the Hover Help checkbox. Once enabled, hovering over an item on the WUI will result in a short description being displayed
When first deploying a VLM, each VLM has two interfaces, eth0 and eth1. To add more interfaces on your VLM, extra Network Interface Cards need to be added to your VLM Machine. Creating and adding NIC's step by step process depends on which platform you are using, either VMware, Hyper-V etc. The general method of adding extra NIC's is:
By Default, eth0 is the address selected for the LM web management page (or shared IP in HA pair). To change this address, you must have at least one other interface configured with an IP address.
This option sends all error messages of the LM to your email address. Here are the following steps:
Yes, the LM allows you to add additional addresses to access the shared IP WUI. Select the interface which is configured to the shared IP address in the System Configuration > Interfaces menu and in the Additional addresses field enter in the extra addresses and select Add Address. Once this is complete, you will be able to access the shared IP address on the additional address entered.
The Sorry server option on the LM redirects all traffic to that server if all other real servers on that VS fails the Health check.