Integration Guide - Utimaco


Integration Guide
Zen Load Balancer
Ubuntu/Microsoft Windows

Integration Guide: Zen Load Balancer

Imprint

copyright 2014
Utimaco IS GmbH
Germanusstrasse 4
D-52080 Aachen
Germany
phone 49 (0)241 / 1696-200
fax 49 (0)241 / timaco.com
document version 1.1.0
date June 2014
author System Engineering HSM
document no. SGCS IG ZenLoadBalancer

all rights reserved

No part of this documentation may be reproduced in any form (printing, photocopy or according to any other process) without the written approval of Utimaco IS GmbH or be processed, reproduced or distributed using electronic systems.

Utimaco IS GmbH reserves the right to modify or amend the documentation at any time without prior notice. Utimaco IS GmbH assumes no liability for typographical errors and damages incurred due to them.

All trademarks and registered trademarks are the property of their respective owners.

Contents

1 Introduction
2 Overview
3 Requirements
4 Installation of Zen Load Balancer
5 Zen Load Balancer Configuration and Demo
6 Further Information

1 Introduction

This document is an integration guide for configuring Zen Load Balancer with Utimaco's SafeGuard CryptoServer Hardware Security Module (HSM).

2 Overview

Zen Load Balancer is an open source load balancer appliance project. It provides a complete load balancing solution that gives high availability for TCP and UDP services and data line communications, and it aims to be a professional open source networking product for distributed systems.

Zen Load Balancer is a highly productive and effective load balancing tool; this guide shows how to use it with an HSM according to your requirements.

SafeGuard CryptoServer is a hardware security module developed by Utimaco Safeware AG, i.e. a physically protected specialized computer unit designed to perform sensitive cryptographic tasks and to securely manage and store cryptographic keys and data. It can be used as a universal, independent security component for heterogeneous computer systems.

3 Requirements

You should have an installed Ubuntu or Microsoft Windows operating system. If you are using a PCI(e) card, you also have to compile and install the necessary driver for that card. We assume that you have successfully installed Zen Load Balancer on your system. If not, please follow the Zen Load Balancer website to download and install the Zen Load Balancer software.

Software and Hardware Requirements

HSM Model       SafeGuard CryptoServer CS-Series/S-Series/Se-Series LAN
HSM Firmware    SafeGuard SecurityServer 3.01.3
Software        Zen Load Balancer

4 Installation of Zen Load Balancer

As mentioned, we assume that you have successfully installed Zen Load Balancer on your system. If not, please follow the two links below to download and install Zen Load Balancer:

- Download (http://www.zenloadbalancer.org/web/index.php?page=downloads)
- Installation (http://www.zenloadbalancer.org/web/index.php?page=zen-load-balancer-administrationguide)

Zen Load Balancer offers four different types of load balancing algorithms.

1. Round Robin - equal sharing. It distributes an equal balance of traffic to all active real servers. For every incoming connection the balancer assigns the next round robin real server to deliver the request.

2. Hash - sticky client. The farm creates a hash string for each client IP and sends each connection from that hash to the same real server. A hash table is created with the real servers and the requests are assigned through the following algorithm:

   index = cli % nServers

   where index is the index of the real server hash table, cli is the integer representation of the IP address and nServers is the number of real servers available. This algorithm is a way to create persistence through the IP address, but it is more powerful if you have a variety of client subnets accessing your service.

3. Weight - connection linear dispatching by weight. The Weight algorithm balances connections depending on the weight value; you have to edit this value for each real server. The requests are delivered through an algorithm that calculates the load of every server using the actual connections to it and then applies a linear weight assignment.

4. Priority - connections to the highest priority available. This algorithm balances all connections to the same highest priority server. If one server is down, the connections switch to the next highest server. With this algorithm you can build an Active-Passive cluster service with several real servers.

5 Zen Load Balancer Configuration and Demo

Before proceeding with the integration steps, configure the main network settings by setting up the physical IP and the virtual IP. You can set the IP addresses in the Settings > Interfaces section. In this document, 10.17.4.16 is used as the virtual IP. Now we are ready to add a farm using the configured virtual IP address. A farm is a set of servers that offer the same service over a single entry point defined with an IP address and a port, which is normally called a virtual service. The main work of the farm is to deliver the client's virtual service connection to the real backend service and back. Meanwhile, the farm definition sets up the delivery policies for every real server.

To create a new farm, add it in the Manage > Farms section, using the virtual IP (e.g. 10.17.4.16). After successfully creating the farm, add the HSM server IP addresses to it and set global parameters as required, such as the load balancing algorithm, backend response timeout and virtual port. If you see the green circle symbol in the Status field, you are ready to run the demo on Zen Load Balancer using the HSM.

Open multiple command prompt (CMD) windows and run the command below in each CMD instance:

   cxitool dev=10.17.4.16 logonpass=ZenLB,utimaco test

Now you can visualize the currently established connections (progress) by clicking on View backend status in the Actions field in Manage > Farms. Zen Load Balancer also lets you visualize the performance of your system by viewing different charts and logs in Monitoring > Graphs or Logs.
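Added example (not part of the original Utimaco guide and not Zen Load Balancer source code): a Python model of the Hash and Priority algorithms described in section 4, showing how the formula index = cli % nServers spreads clients over HSM backends and how many clients lose their sticky server when the number of available real servers changes. The function names, sample client addresses and backend names are hypothetical; the priority order is assumed to be given as a list, highest priority first.

```python
import ipaddress
from collections import Counter

def hash_index(client_ip, n_servers):
    """Hash algorithm as stated in the guide: index = cli % nServers."""
    if n_servers < 1:
        raise ValueError("no real servers available")
    cli = int(ipaddress.IPv4Address(client_ip))  # integer form of the IP
    return cli % n_servers

def distribution(clients, n_servers):
    """Number of clients assigned to each real-server index."""
    counts = Counter(hash_index(ip, n_servers) for ip in clients)
    return [counts[i] for i in range(n_servers)]

def remapped(clients, n_before, n_after):
    """Clients that lose their sticky server when the pool size changes."""
    return [ip for ip in clients
            if hash_index(ip, n_before) != hash_index(ip, n_after)]

def priority_pick(backends):
    """Priority algorithm: highest-priority server that is up.
    backends is a list of (name, is_up), highest priority first."""
    for name, is_up in backends:
        if is_up:
            return name
    return None  # no HSM reachable

# Constructed sample data (not from the guide).
SUBNET_CLIENTS = ["10.17.4.%d" % h for h in range(100, 112)]
STRIDE_CLIENTS = ["10.17.4.20", "10.17.4.23", "10.17.4.26", "10.17.4.29"]
HSMS = [("hsm-a", False), ("hsm-b", True), ("hsm-c", True)]  # hypothetical

if __name__ == "__main__":
    print("consecutive clients, 3 HSMs:", distribution(SUBNET_CLIENTS, 3))
    print("stride-3 clients, 3 HSMs:  ", distribution(STRIDE_CLIENTS, 3))
    moved = remapped(SUBNET_CLIENTS, 3, 2)
    print("remapped after one HSM drops out:", len(moved), "of", len(SUBNET_CLIENTS))
    print("priority pick with hsm-a down:", priority_pick(HSMS))
```

With three real servers, the four constructed clients whose addresses differ by a multiple of 3 all land on the same server, and 8 of the 12 consecutive clients change server when the pool shrinks to two.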

6 Further Information

This document forms part of the information and support provided by Utimaco Safeware. Additional documentation can be found on the product CD in the documentation directory.

All SafeGuard CryptoServer product documentation is also available at the Utimaco Safeware website: http://hsm.utimaco.com

Contact

Utimaco IS GmbH
Germanusstraße 4
D - 52080 Aachen
Germany
phone 49 241 1696 - 200
fax 49 241 1696 - 199
web http://hsm.utimaco.com
email support-cs@utimaco.com
