LB Cache Quick Start Guide v1.0


Rev. 1.1.0
Copyright 2002-2017 Loadbalancer.org, Inc

Table of Contents

Introduction
About LBCache
Amazon Terminology
Getting Started
Deployment Concepts
    Introduction
    VPC Requirements
    VPC Wizard Setup
    VPC IP Address Types
    Instance IP address Allocation
    Instance Type
Deploying LBCache
    Create & Configure a VPC
    Accessing & Deploying the AMI
    Checking your Subscriptions
Accessing LBCache
    Assigning an EIP
    Accessing LBCache using SSH
        Using Linux
        Using Windows
    Accessing LBCache using SCP
        Using Linux
        Using Windows
LBCache Control Menu
Updating LBCache
LBCache API
    Introduction
    Acquiring an Access Token
    Making an API Call
    API Reference
LBCache Configuration Files
    LBCache Config File
Loadbalancer.org Technical Support
Appendix
    1 - Company Contact Information

Introduction

Amazon Web Services (AWS) provides a cloud based platform to deploy web services. It allows services to be deployed as and when required. Charges are made for what is used, making it an extremely flexible and cost effective solution.

LBCache enables you to quickly deploy a reverse HTTP proxy/web accelerator within the AWS cloud. Once deployed, a REST API enables you to configure and control the cache.

About LBCache

LBCache is based on Linux, Docker & Varnish. Varnish is packaged in a Docker container which runs on Linux via the Docker Engine.

Docker is an open-source project that enables the deployment of applications inside software containers. Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries, anything you can install on a server.

Varnish is a reverse HTTP proxy, sometimes referred to as an HTTP accelerator or a web accelerator. A reverse proxy is a proxy server that appears to clients as an ordinary server. Varnish stores (caches) files or fragments of files in memory that are used to reduce the response time and network bandwidth consumption on future, equivalent requests.

The configuration files for LBCache are stored outside of the Docker container, which enables the complete container to be easily updated.

Amazon Terminology

Acronym       Description
Amazon AWS    Amazon Web Services
Amazon S3     Amazon Simple Storage Service
Amazon EC2    Amazon Elastic Compute Cloud
Amazon VPC    Amazon Virtual Private Cloud
Amazon AMI    Amazon Machine Image
Amazon EBS    Elastic Block Store
EIP           Elastic IP Address
ENI           Elastic Network Interface

Getting Started

To start using AWS, you'll need an Amazon account. If you don't already have one you can create one at the following URL: http://aws.amazon.com/console/

Deployment Concepts

INTRODUCTION

The following diagram shows how LBCache is deployed:

[Diagram: HTTP requests (TCP 80) -> LBCache -> Web Server(s); API Control (TCP 4132) -> LBCache]

LBCache can be deployed with a single or multiple backend web servers. It listens on port 80 for inbound HTTP requests and can be controlled using the API via TCP port 4132. Please refer to the LBCache API section for more details on accessing and using the API.

VPC REQUIREMENTS

LBCache must be deployed within a VPC (Virtual Private Cloud). The simplest way to create and configure a VPC is to use the wizard available in the AWS/VPC console.

VPC WIZARD SETUP

When using the wizard to configure a VPC there are 4 types that can be selected as detailed in the table below.

Type: VPC with a Single Public Subnet
Description: Instances run in a private, isolated section of the AWS cloud with direct access to the Internet. Network access control lists and security groups can be used to provide strict control over inbound and outbound network traffic to your instances.
Creates: A /16 network with a /24 subnet. Public subnet instances use Elastic IPs or Public IPs to access the Internet.

Type: VPC with Public and Private Subnets
Description: In addition to containing a public subnet, this configuration adds a private subnet whose instances are not addressable from the Internet. Instances in the private subnet can establish outbound connections to the Internet via the public subnet using Network Address Translation (NAT).
Creates: A /16 network with two /24 subnets. Public subnet instances use Elastic IPs to access the Internet. Private subnet instances access the Internet via a Network Address Translation (NAT) instance in the public subnet. (Hourly charges for NAT instances apply.)

Type: VPC with Public and Private Subnets and Hardware VPN Access
Description: This configuration adds an IPsec Virtual Private Network (VPN) connection between your Amazon VPC and your data center - effectively extending your data center to the cloud while also providing direct access to the Internet for public subnet instances in your Amazon VPC.
Creates: A /16 network with two /24 subnets. One subnet is directly connected to the Internet while the other subnet is connected to your corporate network via IPsec VPN tunnel. (VPN charges apply.)

Type: VPC with a Private Subnet Only and Hardware VPN Access
Description: Your instances run in a private, isolated section of the AWS cloud with a private subnet whose instances are not addressable from the Internet. You can connect this private subnet to your corporate data center via an IPsec Virtual Private Network (VPN) tunnel.
Creates: A /16 network with a /24 subnet and provisions an IPsec VPN tunnel between your Amazon VPC and your corporate network. (VPN charges apply.)

Note: For more details on Amazon's VPC, please refer to their comprehensive user guide available at the following URL: http://awsdocs.s3.amazonaws.com/vpc/latest/vpc-ug.pdf

VPC IP ADDRESS TYPES

There are 3 IP address types as detailed below:

Private
The internal RFC 1918 address of an instance that is only routable within the EC2 Cloud. Network traffic originating outside the EC2 network cannot route to this IP, and must use the Public IP or Elastic IP Address mapped to the instance.

Public
Internet routable IP address assigned by the system for all instances. Traffic routed to the Public IP is translated via 1:1 Network Address Translation (NAT) and forwarded to the Private IP address of an instance. The mapping of a Public IP to Private IP of an instance is the default launch configuration for all instance types. Public IP Addresses are released when instances are stopped or terminated. When an instance is powered on again or restarted, it is allocated a different public IP address. If you require a persistent public IP address that can be associated to and from instances as you require, use an Elastic IP address instead.

Elastic (EIP)
Internet routable IP address allocated to an AWS EC2 account. Similar to EC2 Public Address, 1:1 NAT is used to map Elastic IP Addresses with their associated Private IP addresses. Unlike a standard EC2 Public IP Address, Elastic IP Addresses are allocated to accounts and can be remapped to other instances when desired.

INSTANCE IP ADDRESS ALLOCATION

LBCache can be deployed on an internal private network or on an external public facing network.

- Internal (Private Network) Deployments - Use the private IP address of the instance
- Public facing Deployment - Associate an EIP with the private IP address of the instance

INSTANCE TYPE

When deploying a new instance, the default type is t2.medium. This can be changed as required. Please refer to the following URL for a quick comparison of the various types available: http://www.ec2instances.info/

Deploying LBCache

CREATE & CONFIGURE A VPC

For a manually created VPC, the key steps are:

1. Create a VPC - this is an isolated portion of the AWS cloud
2. Create and attach an Internet gateway - this connects the VPC directly to the Internet and provides access to other AWS products
3. Create an Amazon VPC subnet - this is a segment of a VPC's IP address range that you can launch Amazon EC2 instances into
4. Set up routing in the VPC - this enables traffic to flow between the subnet and the Internet
5. Set Up a Security Group for the VPC - this controls the inbound and outbound traffic

However, as mentioned previously, the easiest way to configure a VPC is by using the VPC Wizard. The wizard covers steps 1-4.

To create a VPC using the wizard:

- In the VPC dashboard, click Start VPC Wizard
- Select the first option VPC with a Single Public Subnet

Note: This wizard option is appropriate in most cases. It creates a VPC with a single public subnet and auto configures the gateway, subnets and routing table. Additional subnets can be added later if required.

- Enter a VPC name and modify the other settings as required as shown in the example below:
- Click Create VPC

Note: For more details on Amazon's VPC, please refer to their comprehensive user guide available at the following URL: http://awsdocs.s3.amazonaws.com/vpc/latest/vpc-ug.pdf

ACCESSING & DEPLOYING THE AMI

Note: Make sure you configure an IAM role; the instance will not work correctly if this is not done. Please refer to the IAM Role step below for more details.

To access and deploy the AMI:

- In the EC2 Dashboard, click Launch Instance
- Click Next: Configure Instance Details
- Change Network to the required VPC
- Select AWS Marketplace
- Search for Loadbalancer.org
- Click Select next to the LBCache AMI
- Select the required pricing options (hourly or annual)
- Click the Launch with EC2 Console button next to the required Region
- Select the required instance type. t2.medium is recommended, but depends on your requirements
- If the VPC was created with the wizard, the public subnet's auto-assign Public IP option will be disabled. To automatically allocate a public IP address, change Auto-assign Public IP to Enable
- Select a suitable IAM Role. The role should have Amazon EC2 Full Access for the Amazon EC2 AWS Service Role
- Click Next: Add Storage
- Leave the defaults and click Next: Tag Instance
- Enter a suitable name for the instance and click Next: Configure Security Group

We recommend that at least the rules shown above and listed below are configured. These are required to enable use/management of LBCache:

    SSH   TCP port 22
    HTTP  TCP port 80
    API   TCP port 4132

Additional rules can be added as needed.

- Click Review and Launch
- Check all settings and click Launch
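The rule list above gives the ports but not the source ranges they should accept. As an added example (not part of the Loadbalancer.org guide), the following Python check reads ingress rules in the IpPermissions shape returned by the EC2 DescribeSecurityGroups call and reports any of the three ports that is missing, plus any SSH or API rule that accepts every address. Treating only port 80 as acceptable from anywhere is an assumption of this example, and the sample rules are constructed.

```python
import ipaddress

# Ports the guide opens on the LBCache security group.
LBCACHE_PORTS = {22: "SSH", 80: "HTTP", 4132: "API"}
# Assumption of this example: only the cached HTTP service should be reachable
# from any address; SSH and the API are management interfaces.
PUBLIC_OK = {80}


def covers(rule, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":            # "-1" means every protocol and every port
        return True
    if proto != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def sources(rule):
    """All IPv4 and IPv6 CIDR sources on a rule (group references are skipped)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return cidrs


def audit_ingress(ip_permissions):
    """Return (port, name, problem, cidr) tuples for the LBCache ports."""
    findings = []
    for port, name in sorted(LBCACHE_PORTS.items()):
        rules = [r for r in ip_permissions if covers(r, port)]
        if not rules:
            findings.append((port, name, "missing", None))
        elif port not in PUBLIC_OK:
            for rule in rules:
                for cidr in sources(rule):
                    # A prefix length of 0 (0.0.0.0/0 or ::/0) matches every address.
                    if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                        findings.append((port, name, "open-to-world", cidr))
    return findings


# Constructed sample: SSH limited to one range, HTTP public, API left wide open.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 4132, "ToPort": 4132,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES):
        print(finding)
```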

- If creating a new pair, use the Download Key Pair button to save the private key

Note: This private key is used for secure access to the LBCache instance via SSH once it's up and running.

- If using an existing key pair, check (tick) the acknowledgment check-box
- Click the Launch Instance button

CHECKING YOUR SUBSCRIPTIONS

Current subscriptions can be viewed and canceled using the Your Account > Your Software > Manage your Software Subscriptions option in the AWS Marketplace console as shown below:

Accessing LBCache

ASSIGNING AN EIP

If LBCache is to be accessible on the Internet, assign an EIP (Elastic IP).

ACCESSING LBCACHE USING SSH

This uses the private key that you downloaded when setting up your instance (please refer to Accessing & Deploying the AMI). To connect to LBCache using SSH, this private key must be used. Under Linux, the key can be used immediately; for PuTTY under Windows, the key must first be converted to a format required by PuTTY as detailed below.

Note: For SSH access make sure that TCP port 22 is included in the security group for the instance

USING LINUX

    # First change the permission of the private key file to allow only the owner read access
    chmod 400 /path-where-saved/ec2-key-name.pem

    # Now connect via SSH specifying the private key file, login as user 'ec2-user'
    ssh -i /path-where-saved/ec2-key-name.pem ec2-user@1.2.3.4

or

    ssh -i /path-where-saved/ec2-key-name.pem ec2-user@dns-name

USING WINDOWS

For PuTTY, the private key must be converted into an appropriate format. To do this the PuTTYgen utility (included with PuTTY) must be used.

- Start PuTTYgen
- Click Load, change the file-type to all files and select the pem file saved earlier when creating your Key Pair. You should see the following message:
- Click OK
- Now click Save private key. This can then be used with PuTTY.

NB. You can also choose to enter an additional pass-phrase for improved security. If you don't, the following message will be displayed:

- Click Yes and save the file with the default .ppk extension
- Now close PuTTYgen and start PuTTY
- Expand the SSH section as shown below:
- Click Browse and select the new .ppk file just created

When you open the SSH session, login as 'ec2-user'. No password will be required.

ACCESSING LBCACHE USING SCP

USING LINUX

    # First change the permission of the private key file to allow only the owner read access
    chmod 400 /path-where-saved/ec2-key-name.pem

    # Now start SCP specifying the private key file, login as user 'ec2-user'
    scp -i /path-where-saved/ec2-key-name.pem <local-file> ec2-user@1.2.3.4:<remote-file>

or

    scp -i /path-where-saved/ec2-key-name.pem <local-file> ec2-user@dns-name:<remote-file>

USING WINDOWS

With WinSCP, enter the relevant IP address and username root, then browse to the private key file created previously using PuTTYgen. Click Login

LBCache Control Menu

To access the LBCache control menu, run the following command:

    lbcache

Note: This command must be run as user 'root'

To change to user root, type the following command:

    $ sudo su

The main menu:

Menu Options:

1) Start - start LBCache
2) Stop - stop LBCache
3) Restart - stop & start LBCache
4) Update - update LBCache, this will stop & start LBCache server and will cause disruption
5) Malloc - set the amount of memory available for caching
6) Quit - exit the LBCache menu

Commands can also be run (as root user) without entering the menu if preferred, i.e.:

    # lbcache stop
    # lbcache start
    # lbcache restart
    # lbcache update
    # lbcache malloc

Updating LBCache

LBCache provides a simple system command to ensure you can easily update your instance. To update LBCache, follow the steps below:

1) Change to the root user:

    $ sudo su

2) Update the Cache:

    # lbcache update

Note: This should be done after initial deployment to ensure you have the latest version.

LBCache API

INTRODUCTION

The built in API must be used to configure and maintain LBCache. The API allows a developer to interface their applications with LBCache.

ACQUIRING AN ACCESS TOKEN

Before you can start making API requests to the LBCache server, you must first acquire a Bearer access token. In order to obtain a Bearer access token, you must make a POST request to the following address:

    https://<your-lbcache-ip>:4132/token

You must provide a Basic Authorization header with a Base64 encoded username & password combined with a single colon as shown below:

    Username: lbuser
    Password: <instance-id>

The following screenshots show how Postman (https://www.getpostman.com/) can be used to craft the POST request.

Authorization details:

Also, the form-data body must contain a grant_type of client_credentials:

After submitting the request, you should get a response containing your access_token:

MAKING AN API CALL

Now that we have our Bearer Token, we can make API calls. The following example shows how to check the status of LBCache. The GET request only requires the AUTH credentials Header:

After submitting the request, you should get a response similar to the following:

API REFERENCE

For a complete API reference, please refer to the following URL: http://cache.loadbalancer.org

LBCache Configuration Files

File                   Purpose
config.lbc             LBCache Config File
default.vcl            Default Varnish VCL
key.lbk                LBCache AUTH Key
lb-cache.log           LBCache Logs
lbcache.vcl            LBCache VCL
lbcache.vcl.restore    LBCache VCL Restore

LBCACHE CONFIG FILE

Option: port
Default Value: 4132
Description: The TCP port the API listens on

Option: environment
Default Value: info
Description: Logging level. For debugging set this option to debug

Option: aws_instance_url
Default Value: http://169.254.169.254/latest/metadata/instance-id
Description: The default AWS META URL to obtain the instance ID

Option: cert_expiry_time
Default Value: 365
Description: The time in days after which the self-signed cert will expire
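The token and API call steps described under LBCache API, as an added Python example using only the standard library; it is not Loadbalancer.org code. It builds the Basic-authenticated POST to /token with a grant_type form-data field, extracts access_token, and builds a Bearer-authenticated GET, verifying TLS against a saved copy of the appliance's self-signed certificate instead of disabling verification. Assumptions: the field is sent as multipart/form-data to match the Postman form-data body, the token response is JSON, the certificate carries no matching host name, and the API path passed to build_api_request is a placeholder to be taken from the API reference.

```python
import base64
import json
import ssl
import urllib.request
import uuid

API_PORT = 4132        # default "port" value in config.lbc
API_USER = "lbuser"    # fixed username given in the guide


def basic_auth_header(instance_id):
    """Base64 of 'lbuser:<instance-id>', joined by a single colon."""
    raw = f"{API_USER}:{instance_id}".encode()
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(host, instance_id, boundary=None):
    """POST https://<host>:4132/token with grant_type=client_credentials."""
    boundary = boundary or uuid.uuid4().hex
    # Assumption: multipart/form-data, as Postman sends a "form-data" body.
    body = (f"--{boundary}\r\n"
            'Content-Disposition: form-data; name="grant_type"\r\n\r\n'
            "client_credentials\r\n"
            f"--{boundary}--\r\n").encode()
    headers = {"Authorization": basic_auth_header(instance_id),
               "Content-Type": f"multipart/form-data; boundary={boundary}"}
    url = f"https://{host}:{API_PORT}/token"
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def parse_token_response(raw):
    """Extract access_token; assumes the response body is JSON."""
    token = json.loads(raw).get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("no access_token in token response")
    return token


def build_api_request(host, path, access_token):
    """GET an API path (placeholder; see the API reference) with the Bearer token."""
    if not path.startswith("/"):
        raise ValueError("path must start with '/'")
    return urllib.request.Request(
        f"https://{host}:{API_PORT}{path}", method="GET",
        headers={"Authorization": f"Bearer {access_token}"})


def pinned_context(cert_pem_path):
    """Trust only the appliance's own self-signed certificate (PEM copy)."""
    ctx = ssl.create_default_context(cafile=cert_pem_path)
    # Assumption: the self-signed cert does not name the instance's IP or DNS
    # name, so the hostname check is off; certificate verification stays required.
    ctx.check_hostname = False
    return ctx


def get_access_token(host, instance_id, cert_pem_path):
    """Run the token request over TLS pinned to the saved certificate."""
    req = build_token_request(host, instance_id)
    ctx = pinned_context(cert_pem_path)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return parse_token_response(resp.read())
```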

Loadbalancer.org Technical Support

If you have any questions regarding the appliance or how to load balance your application, please don't hesitate to contact our support team using the following email address: support@loadbalancer.org

Appendix

1 - COMPANY CONTACT INFORMATION

Website URL: www.loadbalancer.org

North America (US)
Loadbalancer.org, Inc.
4250 Lancaster Pike, Suite 120
Wilmington DE 19805
USA
Tel: +1 888.867.9504
Fax: +1 302.213.0122
Email (sales): sales@loadbalancer.org
Email (support): support@loadbalancer.org

North America (Canada)
Loadbalancer.org Ltd
300-422 Richards Street
Vancouver, BC V6B 2Z4
Canada
Tel: +1 866.998.0508
Fax: +1 302.213.0122
Email (sales): sales@loadbalancer.org
Email (support): support@loadbalancer.org

Europe (UK)
Loadbalancer.org Ltd.
Compass House
North Harbour Business Park
Portsmouth, PO6 4PS
UK
Tel: +44 (0)330 3801064
Fax: +44 (0)870 4327672
Email (sales): sales@loadbalancer.org
Email (support): support@loadbalancer.org

Europe (Germany)
Loadbalancer.org GmbH
Tengstraße 27
D-80798 München
Germany
Tel: +49 (0)89 2000 2179
Fax: +49 (0)30 920 383 6495
Email (sales): vertrieb@loadbalancer.org
Email (support): support@loadbalancer.org