Highlighted
Absent Member.. Absent Member..
Absent Member..
203 views

In High Availability, if SSL has been configured on Load Balancer (LB is F5 BIG-IP version 10.x), Is

Hi All,

In High Availability, if SSL has been configured on Load Balancer (LB is F5 BIG-IP version 10.x), Is the Probe hardening required for that?

0 Likes
4 Replies
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: In High Availability, if SSL has been configured on Load Balancer (LB is F5 BIG-IP version 10.x)

Yes, the probe should use SSL and be connected to LB. Please be aware that public part of the certificate from LB should be in the probe keystore. Hardening guide have a process of export explained.

Hope this helps.

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.
0 Likes
Highlighted
Super Contributor.
Super Contributor.

Re: In High Availability, if SSL has been configured on Load Balancer (LB is F5 BIG-IP version 10.x)

Doesn't this negate the benifits of offloading the SSL encryption/decryption to the load balancer?

Regards,
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: In High Availability, if SSL has been configured on Load Balancer (LB is F5 BIG-IP version 10.x)

The benefit would be in the connection between the load balancer and the backend application (UCMDB) would not need to be encrypted.  The external traffic going into UCMDB should be encrypted though.

Hope this helps,
Keith Paschal
UCMDB Worldwide Support Lead
Micro Focus Support
If you find this or any post resolves your issue, please be sure to mark it as an accepted solution."

Click the KUDOS star on the left to say 'Thanks'
0 Likes
Highlighted
Super Contributor.
Super Contributor.

Re: In High Availability, if SSL has been configured on Load Balancer (LB is F5 BIG-IP version 10.x)

Hi Keith,

In 10.22 (HA) we were able to enable SSL on the 'front-end' of the F5, encrypting client connections, and having the back-end (F5 to servers) non-encrypted.  After our first 10.33 upgrade the probes failed to connect unless we had SSL from the probes to the F5 and SSL from the F5 to the servers.  Is there a configuration recipe to allow us to have it work they way we had it in 10.22?

Thanks

Regards,
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.