Novell Access Manager and Zeus ZXTM LB

Novell Access Manager and Zeus ZXTM LB

Introduction

Create Session Persistence Classes

Create Monitor

Create Pool

Create Virtual Server

Create Traffic Manager

Conclusion



Introduction



Novell Access Manager and Zeus ZXTM LB



These two products work great together and the setup is simple enough you don't have to sweat the L4 configuration. The items are created in the order that they need to be used within the system. The benefit of this software L4 is it runs on standard hardware and can be upgraded to be faster if you need it to run faster. Also the connections are actually L7 so you don't need to have them all on the same switch or segregated on different ports as some hardware L4 require. They just need to have a network connection between them which is much more flexible.



The software L4 was able to keep up with the hardware switches if I used faster hardware 4 cores and 8 GB of ram with the NIC's teamed. You need to monitor the bandwidth because that seemed to be the first thing that ran out when I started my tests.



The high availability was pretty slick also that it allowed me to switch between the machines if one failed. I don't go into the specifics for the high availability but rather talk on the ZXTM LB working with Novell Access Manager.



Here are details of my configuration that I will be reproducing in the configuration. I set it up using the 8080 and 8443 on the IDP but the software L4 can actually handle this through port 80 and 443 if you would prefer.



TEN

Gateway Cluster

Virtual IP address 192.168.0.10

Domain: ten.com

Servers 192.168.0.11, 192.168.0.12

Ports 80, 443

Health Check



TWENTY

Identity Server Cluster

Virtual IP address 192.168.0.20

Domain: twenty.com

Servers 192.168.0.21, 192.168.0.22

Ports 8080, 8443

Health Check



Create Session Persistence Classes



The first step is to create the Session Persistence Classes that will be used later in the setup. We will need to create two secure classes and two insecure classes for this setup to show how it is done. You do have the option to create one IP based persistence class and use it for the same cluster but that is a decision you can change easily at a later time once it is setup. The ssl id and the jsession id are best for testing out the clusters internally before they go live.



Catalogs (Button)->Persistence (Tab)



Create New Session Persistence Class



Name Ten-http

Click Create

Choose J233 session persistence

Click Update



Name Ten-ssl

Click Create

Choose SSL Session ID Persistence

Click Update



Name Twenty-http

Click Create

Choose J233 session persistence

Click Update



Name: Twenty-ssl

Click: Create

Choose J233 session persistence

Click: Update




Create Monitor


The next step is to create the monitors that you will need for each cluster and it is important to create http and ssl monitors if you have both of them enabled. Otherwise you could lose your http connections when the ssl is disabled while you are testing. It is okay to configure the http even if you aren't going to use it at the current time. You can always disable it when you decide you don't need it. A node is actually the servers in the clusters to help clarify the terminology.



Catalogs (Button)->Monitors (Tab)



Create a new monitor for Ten on the http port.



Name: Ten-http

Type: HTTP monitor

Scope: monitor each node separately.

Click: Add Monitor



When it pulls up the next screen it will be the actual Monitor settings for Ten-http and you need to adjust the timeout to value that matches the max_reply_time in the Pools. I choose 10 seconds in this case.



Timeout: 10

use_ssl: No

host_header: ten.com

path: /nesp/app/heartbeat

body_regex: Success

Click: Update



Create a new monitor for Ten on the ssl port.



Name: Ten-ssl

Type: HTTP monitor

Scope: monitor each node separately.

Click: Add Monitor



When it pulls up the next screen it will be the actual Montor settings for Ten-ssl and you need to adjust the timeout to value that matches the max_reply_time in the Pools. I choose 10 seconds in this case.



Timeout: 10

use_ssl: Yes

host_header: ten.com

path: /nesp/app/heartbeat

body_regex: Success

Click: Update



Create a new monitor for Twenty on the http port.



Name: Twenty-http

Type: HTTP monitor

Scope: monitor each node separately.

Click: Add Monitor



When it pulls up the next screen it will be the actual Montor settings for Twenty-http and you need to adjust the timeout to value that matches the max_reply_time in the Pools. I choose 10 seconds in this case. You will not set the port in this section as it depends on the actual virtual server of the same name for the port.



Timeout: 10

use_ssl: No

host_header: twenty.com

path: /nidp/app/heartbeat

body_regex: Success

Click: Update



Create a new monitor for Twenty on the ssl port.



Name: Twenty-ssl

Type: HTTP monitor

Scope: monitor each node separately.

Click: Add Monitor



When it pulls up the next screen it will be the actual Montor settings for Twenty-ssl and you need to adjust the timeout to value that matches the max_reply_time in the Pools. I choose 10 seconds in this case. You will not set the port in this section as it depends on the actual virtual server of the same name for the port.



Timeout: 10

use_ssl: Yes

host_header: twenty.com

path: /nidp/app/heartbeat

body_regex: Success

Click: Update



Create Pool



This section is where we create our pools of servers that are going to be configured for each virtual server. There are many options that we are currently not using and only taking the features that are required for our product.



Services (Button)->Pools (Tab)




Create a new Pool for Ten-http



Pool Name: Ten-http

Nodes: 192.168.0.11:80,192.168.0.12:80

Monitor: Ten-http

Click: Create Pool



Once the creation has finished then you will be inside the pool Ten-http. The first item that you need to configure is the Load Balancing so click on the load balancing and choose Round Robin. There are other options that will improve or decrease your performance so you can choose the one that works best for your environment.



Click on Load Balancing



Load_balancingalgorithm: Round Robin

Click: Update



Click Back on Ten-http in the Tab to return to the original screen.



Click on Session Persistence



persistence: Ten-http

Click: Update



Click Back on Ten-http in the Tab to return to the original screen.



Click on Connection Management



max_reply_time: 10

Click: Update



Click on Pools in the Tab to return where you need to create a new pool.



Create a new Pool for Ten-ssl



Pool Name: Ten-ssl

Nodes: 192.168.0.11:443,192.168.0.12:443

Monitor: Ten-ssl

Click: Create Pool



Once the creation has finished then you will be inside the pool Ten-ssl. The first item that you need to configure is the Load Balancing so click on the load balancing and choose Round Robin. There are other options that will improve or decrease your performance so you can choose the one that works best for your environment.



Click on Load Balancing



Load_balancingalgorithm: Round Robin

Click: Update



Click Back on Ten-http in the Tab to return to the original screen.



Click on Session Persistence



persistence: Ten-ssl

Click: Update



Click Back on Ten-ssl in the Tab to return to the original screen.



Click on Connection Management



max_reply_time: 10

Click: Update



Click on Pools in the Tab to return where you need to create a new pool.



Create a new Pool for Twenty-http



Pool Name: Twenty-http

Nodes: 192.168.0.21:8080,192.168.0.22:8080

Monitor: Twenty-http

Click: Create Pool



Once the creation has finished then you will be inside the pool Ten-http. The first item that you need to configure is the Load Balancing so click on the load balancing and choose Round Robin. There are other options that will improve or decrease your performance so you can choose the one that works best for your environment.



Click on Load Balancing



Load_balancingalgorithm: Round Robin

Click: Update



Click Back on Twenty-http in the Tab to return to the original screen.



Click on Session Persistence



persistence: Twenty-http

Click: Update



Click Back on Twenty-http in the Tab to return to the original screen.



Click on Connection Management



max_reply_time: 10

Click: Update



Click on Pools in the Tab to return where you need to create a new pool.



Create a new Pool for Twenty-ssl



Pool Name: Twenty-ssl

Nodes: 192.168.0.21:8443,192.168.0.22:8443

Monitor: Twenty-ssl

Click: Create Pool



Once the creation has finished then you will be inside the pool Ten-ssl. The first item that you need to configure is the Load Balancing so click on the load balancing and choose Round Robin. There are other options that will improve or decrease your performance so you can choose the one that works best for your environment.



Click on Load Balancing



Load_balancingalgorithm: Round Robin

Click: Update



Click Back on Twenty-ssl in the Tab to return to the original screen.



Click on Session Persistence



persistence: Twenty-ssl

Click: Update



Click Back on Twenty-ssl in the Tab to return to the original screen.



Click on Connection Management



max_reply_time: 10

Click: Update



You are now finished creating the pools.



Create Virtual Server



The virtual server is where the pool is given a port number and assigned a protocol.



Services (Button)->Virtual Servers(Tab)



Create a new Virtual Server

Virtual Server Name: Ten-http

protocol: HTTP

port: 80

Default Traffic Pool: Ten-http



We are just going to leave it as the default for now of all IP addresses. We will assign the Traffic IP Groups to the virtual server as soon as they are completed.



Create a new Virtual Server

Virtual Server Name: Ten-ssl

protocol: SSL (HTTPS)

port: 443

Default Traffic Pool: Ten-ssl



We are just going to leave it as the default for now of all IP addresses. We will assign the Traffic IP Groups to the virtual server as soon as they are completed.



Create a new Virtual Server

Virtual Server Name: Twenty-http

protocol: HTTP

port: 8080

Default Traffic Pool: Twenty-http



We are just going to leave it as the default for now of all IP addresses. We will assign the Traffic IP Groups to the virtual server as soon as they are completed.



Create a new Virtual Server

Virtual Server Name: Twenty-ssl

protocol: HTTP

port: 8443

Default Traffic Pool: Twenty-ssl



We are just going to leave it as the default for now of all IP addresses. We will assign the Traffic IP Groups to the virtual server as soon as they are completed.




Create Traffic Manager



This is where we setup the virtual IP addresses on the server so that they can be handled by the Load Balancer. You will need to have an IP address configured on the card in the range where you want to use the Virtual IP for this to work.



Service (Button) > Traffic IP Groups (Tab)



Create a new Traffic IP Group



Name: Ten-ip

Traffic Managers: Add existing box

IP addresses: 192.168.0.10

Click: Create Traffic IP Group



The next step is to add this traffic manager to the virtual server we had created previously for Ten-http.



Service (Button) > Virtual Servers (Tab)



Click on edit for the Ten-http virtual server.



Listening on: Traffic IP Groups



The screen will refresh then choose the next option.



Select Traffic IP Group: Ten-ip

Click: Update



The next step is to add this traffic manager to the virtual server we had created previously for Ten-ssl.



Service (Button) > Virtual Servers (Tab)



Click on edit for the Ten-ssl virtual server.



Listening on: Traffic IP Groups



The screen will refresh then choose the next option.



Select Traffic IP Group: Ten-ip

Click: Update



The next step is to add this traffic manager to the virtual server we had created previously for Twenty-http.



Service (Button) > Virtual Servers (Tab)



Click on edit for the Twenty-http virtual server.



Listening on: Traffic IP Groups



The screen will refresh then choose the next option.



Select Traffic IP Group: Twenty-ip

Click: Update



The next step is to add this traffic manager to the virtual server we had created previously for Twenty-ssl.



Service (Button) > Virtual Servers (Tab)



Click on edit for the Twenty-ssl virtual server.



Listening on: Traffic IP Groups



The screen will refresh then choose the next option.



Select Traffic IP Group: Twenty-ip

Click: Update



Conclusion


At this point you have completed the setup for the software L4 and now you need to click on the Home Button to start the virtual servers individually. If there are any errors they will show up on the main page(first link top left) and you can click on the red sign and it will display the problem so that you can fix it.



Labels (1)
Tags (1)

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
3 of 3
Last update:
‎2020-01-31 22:08
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.