The Cyprus University of Technology is an internationally recognized research and education institution ranking among the top universities worldwide.
It is spearheading international cooperation in research and innovation, collaborating with dozens of notable academic institutions. Its actions have had tangible impacts on the wider society by cultivating a social consciousness culture in sectors of social interest. Before encountering Kemp, the University was using an open-source load-balancing solution that was proving cumbersome to manage. At the same time, it was also exploring the addition of a Citrix Storefront workload that needed balancing.
“The coincidence of these two factors prompted us to seek a more reliable load balancer,” says Constantinos Christodoulou, Senior Network Engineer at the Cyprus University of Technology.
“We needed a solution to publish our web or other services requiring a ‘front end,’” continues Christodoulou. “On a normal day, our load balancer handles an average of 1Mbps peaking at 33Mbps, with spikes of up to 330Mbps occurring as well. All our transactions are 98% SSL, and our load balancer has to be able to handle them with ease.”
It’s common among research and educational institutions that there are sizable differences between peak and off-peak traffic. Therefore, the solution had to be highly available and robust, provide load balancing to the back-end servers, and supply some means of web application defense and logs and performance statistics.
Because the University already had a VM infrastructure in place, it opted to deploy virtual LoadMaster appliances to publish its web services to the Internet and handle the traffic for Citrix Storefront and MS Exchange both to the Internet and internally.
“In this way, we reduced the purchasing costs and made the deployment easier to maintain in the long run,” says Christodoulou. “Besides backing up the configuration, we can also keep backups and snapshots of the entire machine, which is very useful on occasions when we need to recover from a failure. We’re also keeping the footprint, power requirements, switch port requirements to a minimum, and scaling the memory for performance and storage is very easy, too.”
Another benefit of using virtual LoadMaster appliances is that no one needs to physically visit the data center to install hardware or connect cables. The University team, along with Kemp engineers, were able to bring the load balancer into operation while on a web collaboration session, which was practical, as the deployment took place in the middle of the covid-19 lockdown.
“Certain back-end data center services, like MS Exchange, require a front-end server to operate,” adds Christodoulou. “With the LoadMaster load balancer, we solve this problem using a single machine that handles all the back-end servers without the need to purchase a separate machine for each back-end server. We’ve also eliminated any issues related to the load balancing of our server farms by offloading the task to the LoadMaster. Now, we can remove a server from a published state, for example for maintenance, simply by unchecking a checkbox.”
The entire system is managed via the central LoadMaster Console, with the overall management simplified by load balancing templates. In addition to the basic LoadMaster functionalities, the University also leverages the Web Application Firewall (WAF) and the Edge Security Pack (ESP), which provides logging, IP access lists, and both historical and real-time statistics.
“We use data logging mainly for forensics or troubleshooting client connectivity to our services,” says Christodoulou. “For instance, during a cyberattack, when the adversary tries using dictionary attacks to gain access to the user profiles via the OWA service, the LoadMaster acts as an additional protective layer. With the ESP enabled, the users have to use their credentials on the LoadMaster before proceeding further, and after a number of failed password attempts, ESP blocks the user on the load balancer before the actual user account in our Active Directory (AD) is locked. In this way, the legitimate user can continue using internal services in spite of having been targeted by the attacker.”
The University also collects historical statistics, which are useful when assessing its future needs, as they give a clear idea of how much data is being processed by the Internet-published services.
The Cyprus University of Technology has replaced their cumbersome load balancing solution with a crisp yet robust application delivery controller that has greatly simplified the management of their critical applications. Now it is using a single solution to publish its web services to the Internet, which greatly reduces administration, and the high-availability configuration of two virtual machines removes LoadMaster as a point of failure, offering extra peace of mind.
“The administration is quite easy and straight forward. Most of the tasks are a matter of a couple of clicks, while there are plenty of options for more in-depth or demanding configurations. We certainly like the WAF which added an extra layer of protection for our web services. Another aspect we like is the support we receive from Kemp. The Kemp engineer assigned to the project was very proficient, very helpful and always available. Both pre-sales and after-sales support was excellent,” concludes Christodoulou.
LoadMaster has proven a robust solution that is easy to manage. We needed a simple way to publish our web services to the Internet, and Kemp does the job perfectly.Constantinos Christodoulou