jetPACK
jetPACKs are a unique method of instantly configuring your edgeNEXUS Accelerating
Load Balancer for specific applications. These easy-to-use templates
come pre-configured and fully tuned with all of the
application-specific settings that you need in order to enjoy optimised
service delivery from your Load Balancer. Some of the jetPACKs use flightPATH
to manipulate the traffic, and you must have a flightPATH license for this
particular element to work. To find out if you have a license for
flightPATH, please refer to the Licence page.
This page is split into the following sections:
- Download a jetPACK
  - Microsoft Exchange
  - Microsoft Lync
  - Web Services
  - Microsoft Remote Desktop
  - DICOM – Digital Imaging and Communications in Medicine
  - Oracle E-Business Suite
  - VMware – Horizon View
  - Global Settings
  - Cipher Options
  - flightPATHs
- Apply a jetPACK
- Create a jetPACK
Download a jetPACK
Each jetPACK below has been created with a unique Virtual IP
address that is contained in the title of the jetPACK. For example, the
first jetPACK below has a Virtual IP address of 1.1.1.1. You can either
upload this jetPACK as is and change the IP address in the GUI, or edit
the jetPACK with a text editor such as Notepad++ and search and
replace 1.1.1.1 with your own Virtual IP address. In addition, each
jetPACK has been created with 2 real servers which have the IP addresses
127.1.1.1 and 127.2.2.2. Again, you can change these in the GUI after
upload or beforehand using Notepad++.
Right click on a jetPACK link below and Save Link as… a jetPACK-VIP-Application.txt file in your chosen location.
Microsoft Exchange
Application | Download link | What does it do? | What’s included?

Exchange 2010

jetPACK-1.1.1.1-Exchange-2010
This jetPACK will add the basic settings to load balance Microsoft Exchange 2010.
There is a flightPATH rule included to redirect traffic on the http
service to https, but it is there as an option. If you don’t have a licence
for flightPATH this jetPACK will still work.
Global settings: Service timeout 2 hours
Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service
Virtual Service IP: 1.1.1.1
Virtual Service Ports: 80, 443, 135, 59534, 59535
Real Servers: 127.1.1.1, 127.2.2.2
flightPATH: Adds redirect from http to https

jetPACK-1.1.1.2-Exchange-2010-SMTP-RP
Same as above but it will add an SMTP service on port 25 in reverse proxy
connectivity. The SMTP server will see the ALB-X interface address as
the source IP.
Global settings: Service timeout 2 hours
Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service
Virtual Service IP: 1.1.1.1
Virtual Service Ports: 80, 443, 135, 59534, 59535, 25 (reverse proxy)
Real Servers: 127.1.1.1, 127.2.2.2
flightPATH: Adds redirect from http to https

jetPACK-1.1.1.3-Exchange-2010-SMTP-DSR
Same as above except this jetPACK will configure the SMTP service to
use Direct Server Return connectivity. This is needed if your SMTP
server needs to see the real IP address of the client.
Global settings: Service timeout 2 hours
Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service
Virtual Service IP: 1.1.1.1
Virtual Service Ports: 80, 443, 135, 59534, 59535, 25 (direct server return)
Real Servers: 127.1.1.1, 127.2.2.2
flightPATH: Adds redirect from http to https
Exchange 2013
jetPACK-2.2.2.1-Exchange-2013-Low-Resource
This setup adds 1 VIP and two services for both HTTP and HTTPS traffic and requires the least amount of CPU.
Global settings:
Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB and ADS
Virtual Service IP: 2.2.2.1
Virtual Service Ports: 80, 443
Real Servers: 127.1.1.1, 127.2.2.2
flightPATH: Adds redirect from http to https

jetPACK-2.2.3.1-Exchange-2013-Med-Resource
This setup uses a unique IP address for each service and therefore uses more
resource than above. You must configure each service as a unique DNS
entry, for example owa.jetnexus.com, ews.jetnexus.com, etc. A monitor for each service will be added and applied to the relevant service.
Global settings:
Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB and ADS
Virtual Service IP: 2.2.3.1, 2.2.3.2, 2.2.3.3, 2.2.3.4, 2.2.3.5, 2.2.3.6, 2.2.3.7
Virtual Service Ports: 80, 443
Real Servers: 127.1.1.1, 127.2.2.2
flightPATH: Adds redirect from http to https

jetPACK-2.2.2.3-Exchange2013-HIgh-Resource
This jetPACK will add one unique IP address and several virtual services on
different ports. flightPATH will then context switch based on the
destination path to the correct Virtual Service. This requires the
greatest amount of CPU to carry out the context switching.
Global settings:
Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB and ADS
Virtual Service IP: 2.2.2.3
Virtual Service Ports: 80, 443, 1, 2, 3, 4, 5, 6, 7
Real Servers: 127.1.1.1, 127.2.2.2
flightPATH: Adds redirect from http to https
Microsoft Lync 2010/2013
- Reverse Proxy
- Front End
- Edge Internal
- Edge External
Web Services
- Normal HTTP
- SSL Offload
- SSL Re-Encryption
- SSL Passthrough
Microsoft Remote Desktop
DICOM – Digital Imaging and Communications in Medicine
Oracle – E-Business Suite
- SSL Offload
4.4.4.1
VMware Horizon View
- Connection Servers – SSL Offload
- Security Servers – SSL Re-Encryption
Global Settings
- GUI Secure Port 443 – this jetPACK will change your secure GUI port from 27376 to 443. https://x.x.x.x
- GUI Timeout 1 day – the GUI will ask you to enter your password every 20 minutes. This jetPACK increases that interval to 1 day
- ARP Refresh 10 – during a failover between HA appliances this will increase the number of Gratuitous ARPs to assist the switches during the transition
- Capture Size 16MB – the default capture size is 2MB. This will increase the size to a maximum of 16MB
Cipher Options
The ciphers listed in these jetPACKs are the OpenSSL equivalent names which can be found here
- Strong Ciphers – This will add the ability to choose “Strong Ciphers” from the Cipher Options list:
  - Cipher = ALL:RC4+RSA:+RC4:+HIGH:!DES-CBC3-SHA:!SSLv2:!ADH:!EXP:!ADHexport:!MD5
- Anti-Beast – This will add the ability to choose “Anti Beast” from the Cipher Options list:
  - Cipher = ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
- No SSLv3 – This will add the ability to choose “No SSLv3” from the Cipher Options list:
  - Cipher = ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4
- No SSLv3 no TLSv1 No RC4 – This will add the ability to choose “No-TLSv1 No-SSLv3 No-RC4” from the Cipher Options list:
  - Cipher = ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4
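What each of these strings admits depends on OpenSSL's prefix rules (no prefix adds, + only reorders, - removes, ! removes permanently), which can be read statically before a cipher option is chosen. The following is an added example, not part of the original page or the product; it inspects tokens only, assumes ALL is the only keyword that implicitly includes a tag, and does not reproduce what a particular OpenSSL build will negotiate.

```python
import re

# Cipher strings copied from the list above.
PAGE_CIPHERS = {
    "Strong Ciphers": "ALL:RC4+RSA:+RC4:+HIGH:!DES-CBC3-SHA:!SSLv2:!ADH:!EXP:!ADHexport:!MD5",
    "Anti-Beast": "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH",
    "No SSLv3": "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4",
}

def parse(cipher_string):
    """Split an OpenSSL cipher list into (operator, [components]) rules.
    Operators: '' add, '+' move to end, '-' remove, '!' remove permanently.
    A '+' inside a token (RC4+RSA) is a logical AND of its components."""
    rules = []
    for tok in re.split(r"[:, ]+", cipher_string.strip()):
        if not tok:
            continue
        op = tok[0] if tok[0] in "!+-" else ""
        rules.append((op, tok[len(op):].split("+")))
    return rules

def status(cipher_string, tag, broad=("ALL",)):
    """Return 'killed', 'enabled' or 'absent' for one algorithm tag.
    Assumption: only the keywords in `broad` implicitly include the tag."""
    state, killed = "absent", False
    for op, parts in parse(cipher_string):
        if op == "!" and parts == [tag]:
            killed = True              # permanent, whatever comes later
        elif op == "-" and parts == [tag]:
            state = "absent"           # may be re-added by a later rule
        elif op == "" and (tag in parts or (len(parts) == 1 and parts[0] in broad)):
            state = "enabled"
        # op == "+" only reorders suites already selected
    return "killed" if killed else state

def audit(ciphers=PAGE_CIPHERS, tags=("RC4", "MD5", "aNULL")):
    """Map each cipher option name to the status of every tag."""
    return {name: {t: status(s, t) for t in tags} for name, s in ciphers.items()}

if __name__ == "__main__":
    for name, result in audit().items():
        print(name, result)
```

For the page's strings this reports RC4 as enabled by "Strong Ciphers" and "Anti-Beast" and killed by "No SSLv3", and shows that "Strong Ciphers" excludes ADH but carries no `!aNULL` rule.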
flightPATHs
- X-Content-Type-Options – add this header if it doesn’t exist and set it to “nosniff” – prevents the browser from automatically “MIME-sniffing”.
- X-Frame-Options – add this header if it doesn’t exist and set it to “SAMEORIGIN” – pages on your website can be included in frames, but only on other pages within the same website.
- X-XSS-Protection – add this header if it doesn’t exist and set it to “1; mode=block” – enables browser cross-site scripting protections.
- Strict-Transport-Security – add this header if it doesn’t exist and set it to “max-age=31536000 ; includeSubdomains” – ensures the client treats all links as https:// for the max-age period.
Apply a jetPACK
You can apply any jetPACK in any order but be careful not to apply
a jetPACK with the same Virtual IP address. This will cause a duplicate
IP address in the configuration. If you do this by mistake you can
change this in the GUI.
Navigate to Advanced–>Update Software
- Configuration Section
- Upload New Configuration or jetPACK
- Browse for jetPACK
- Click Upload
- Once the browser screen turns white please click refresh and wait for the Dashboard page to appear
Create a jetPACK
One of the great things about jetPACKs is that you can create your own. It
may be that you have created the perfect config for an application and
want to blast this to several other boxes independently.
- Start by copying the current configuration from your existing ALB-X
  - Advanced
  - Update Software
  - Download Current Configuration
  - Click here to download the ALB-X.conf file
- Edit this file with Notepad++
- Open up a new txt document and call it “yourname-jetPACK1.txt”
- Copy all the relevant sections from the config file to “yourname-jetPACK1.txt”
- Save once complete
IMPORTANT: Each jetPACK is split into different sections but all jetPACKs must
have #!jetpack at the top of the page.
The sections that are recommended for editing/copying are listed
below.
Section 0:
#!jetpack
This needs to be at the top of the jetPACK or your current
configuration will be overwritten.
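A pre-upload check for the two manual steps this page describes, the `#!jetpack` first line and the search-and-replace of the template addresses, is sketched below. It is an added example, not edgeNEXUS code; the sample file is constructed, the `Address` key is a hypothetical stand-in for wherever the VIP is stored, and the `10.0.0.x` replacement addresses are placeholders.

```python
import re

MARKER = "#!jetpack"  # must be the first line, per the page

# Constructed sample. Real-server lines follow the format shown on the page;
# the Address key is a hypothetical stand-in for wherever the VIP is stored.
SAMPLE = '''#!jetpack
[jetnexusdaemon-LocalInterface]
Address="1.1.1.1"
[jetnexusdaemon-LocalInterface1.1]
2="127.1.1.1:80,Y,""Server 1"""
3="127.2.2.2:80,Y,""Server 2"""
4="127.1.1.10:80,N,""Spare"""
'''

def has_marker(text):
    """True only when the very first line is the jetPACK marker."""
    lines = text.lstrip("\ufeff").splitlines()
    return bool(lines) and lines[0].rstrip() == MARKER

def swap_addresses(text, mapping):
    """Swap whole IPv4 addresses in a single pass; returns (text, hit counts).
    The lookarounds stop 127.1.1.1 from matching inside 127.1.1.10."""
    counts = dict.fromkeys(mapping, 0)
    if not mapping:
        return text, counts
    alt = "|".join(re.escape(ip) for ip in mapping)
    rx = re.compile(r"(?<!\d)(?<!\d\.)(" + alt + r")(?!\d)(?!\.\d)")

    def repl(match):
        counts[match.group(1)] += 1
        return mapping[match.group(1)]

    return rx.sub(repl, text), counts

def prepare(text, mapping):
    """Refuse files without the marker or with unmatched addresses."""
    if not has_marker(text):
        raise ValueError("first line is not #!jetpack")
    new_text, counts = swap_addresses(text, mapping)
    missing = [ip for ip, hits in counts.items() if hits == 0]
    if missing:
        raise ValueError("address not found: " + ", ".join(missing))
    return new_text, counts

if __name__ == "__main__":
    new_vip = {"1.1.1.1": "10.0.0.50", "127.1.1.1": "10.0.0.11"}
    print(prepare(SAMPLE, new_vip)[0])
```

A plain editor search-and-replace of 127.1.1.1 would also rewrite the start of 127.1.1.10; the boundary checks here leave that line untouched.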
Section 1:
[jetnexusdaemon]
This section contains global settings that once changed will apply to all
services. Some of these settings can be changed from the web console but
others are only available here.
Examples:
is the TCP timeout value in milliseconds. This particular setting means
that a TCP connection will be closed after 10 minutes of inactivity
milliseconds between content server health checks for custom monitors
such as DICOM
jnCookieHeader="MS-WSMAN"
of the cookie header used in persistent load balancing from the default
“jnAccel” to “MS-WSMAN”. This particular change is needed for Lync
2010/2013 reverse proxy.
Section 2:
[jetnexusdaemon-Csm-Rules]
This section contains the custom server monitoring rules that are
normally configured from the web console here.
Example:
Content="Server Up"
Desc="Monitor 1"
Method="CheckResponse"
Name="Health Check- Is Server Up"
Url="http://demo.jetneus.com/healthcheck/healthcheck.html"
Section 3:
[jetnexusdaemon-LocalInterface]
This section contains all of the details in the IP Services section. Each
interface is numbered and contains subinterfaces for each channel. If
your channel has a flightPATH rule applied then it will also contain a
Path section too.
Example:
1.1="443"
1.2="104"
1.3="80"
1.4="81"
Enabled=1
Netmask="255.255.255.0"
PrimaryV2="{A28B2C99-1FFC-4A7C-AAD9-A55C32A9E913}"
[jetnexusdaemon-LocalInterface1.1]
1=">,""Secure Group"",2000,"
2="192.168.101.11:80,Y,""IIS WWW Server 1"""
3="192.168.101.12:80,Y,""IIS WWW Server 2"""
AddressResolution=0
CachePort=0
CertificateName="default"
ClientCertificateName="No SSL"
Compress=1
ConnectionLimiting=0
DSR=0
DSRProto="tcp"
Enabled=1
LoadBalancePolicy="CookieBased"
MaxConnections=10000
MonitoringPolicy="1"
PassThrough=0
Protocol="Accelerate HTTP"
ServiceDesc="Secure Servers VIP"
SNAT=0
SSL=1
SSLClient=0
SSLInternalPort=27400
[jetnexusdaemon-LocalInterface1.1-Path]
1="6"
Section 4:
[jetnexusdaemon-Path]
This section contains all of the flightPATH
rules. It is important that the numbers match what has been applied to
the interface. In the example above we see that flightPATH rule “6” has
been applied to the channel so we will include this as an example
below.
Example:
Desc="Force to use HTTPS for certain directory"
Name="Gary – Force HTTPS"
[jetnexusdaemon-Path-6-Condition-1]
Check="contain"
Condition="path"
Match=
Sense="does"
Value="/secure/"
[jetnexusdaemon-Path-6-Evaluate-1]
Detail=
Source="host"
Value=
Variable="$host$"
[jetnexusdaemon-Path-6-Function-1]
Action="redirect"
Target="https://$host$$path$$querystring$"
Value=