jetPACK
jetPACKs are a unique method of instantly configuring your edgeNEXUS Accelerating Load Balancer for specific applications. These easy-to-use templates come pre-configured and fully-tuned with all of the
application-specific settings that you need in order to enjoy optimised service delivery from your Load Balancer. . Some of the jetPACKs use flightPATH to manipulate the traffic, you must have a flightPATH license for this
particular element to work. To find out if you have a license for flightPATH please refer to the Licence page.
This page is split in to the following sections
-
Download a jetPACK
-
Microsoft Exchange
-
Microsoft Lync
-
Web Services
-
Microsoft Remote Desktop
-
DICOM – Digital Imaging and Communications in Medicine
-
Oracle E-Business Suite
-
VMware – Horizon View
-
Global Settings
-
Cipher Options
-
Apply a jetPACK
-
Create a jetPACK
Download a jetPACK
Each jetPACK below has been created with a unique Virtual IP
address that is contained in the title of the jetPACK. For example the
first jetPACK below has a Virtual IP Address of 1.1.1.1. You can either
upload this jetPACK as is and change the IP address in the GUI or edit
the jetPACK with a text editor such as Notepad++ and search and
replace 1.1.1.1 with your own Virtual IP address. In addition each
jetPACK has been created with 2 real servers which have the IP address
of 127.1.1.1 and 127.2.2.2. Again you can change these in the GUI after
upload or beforehand using Notepad++
Right click on a jetPACK link below and Save Link as… a jetPACK-VIP-Application.txt file in your chosen location
Microsoft Exchange
Application
|
Download link
|
What does it do? |
What’s included? |
Exchange 2010 |
jetPACK-1.1.1.1-Exchange-2010 | This jetPACK will add the basic settings to load balance Microsoft Exchange 2010. There is a flightPATH rule included to redirect traffic on the http service to https but it there as an option. If you don’t have a licence for flightPATH this jetPACK will still work. |
Global settings: Service timeout 2 hours Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service Virtual Service IP: 1.1.1.1 Virtual Service Ports: 80, 443, 135, 59534, 59535 Real Servers: 127.1.1.1. 127.2.2.2 flightPATH: Adds redirect from http to https |
jetPACK-1.1.1.2-Exchange-2010-SMTP-RP | Same as above but it will add an SMTP service on port 25 in reverse proxy connectivity. The SMTP server will see the ALB-X interface address as the source IP. |
Global settings: Service timeout 2 hours Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service Virtual Service IP: 1.1.1.2 Virtual Service Ports: 80, 443, 135, 59534, 59535, 25 (reverse proxy) Real Servers: 127.1.1.1. 127.2.2.2 flightPATH: Adds redirect from http to https |
|
jetPACK-1.1.1.3-Exchange-2010-SMTP-DSR | Same as above except this jetPACK will configure the SMTP service to use Direct Server Return connectivity. This is needed if your SMTP server needs to see the real ip address of the client. |
Global settings: Service timeout 2 hours Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service Virtual Service IP: 1.1.1.3 Virtual Service Ports: 80, 443, 135, 59534, 59535, 25 (direct server return) Real Servers: 127.1.1.1. 127.2.2.2 flightPATH: Adds redirect from http to https |
|
Exchange 2013 |
jetPACK-2.2.2.1-Exchange-2013-Low-Resource | The setup add 1 VIP and two services for both HTTP and HTTPS traffic and requires the least amount of CPU | Global settings: Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB and ADS Virtual Service IP: 2.2.2.1 Virtual Service Ports: 80, 443 Real Servers: 127.1.1.1. 127.2.2.2 flightPATH: Adds redirect from http to https |
jetPACK-2.2.3.1-Exchange-2013-Med-Resource | This setup uses a unique IP address for each service and therefore uses more resource than above. You must configure each service as a unique DNS entry Example owa.jetnexus.com, ews.jetnexus.com etc. A monitor for each service will be added and applied to the relevant service |
Global settings: Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB and ADS Virtual Service IP: 2.2.3.1, 2.2.3.2, 2.2.3.3, 2.2.3.4, 2.2.3.5, 2.2.3.6, 2.2.3.7 Virtual Service Ports: 80, 443 Real Servers: 127.1.1.1. 127.2.2.2 flightPATH: Adds redirect from http to https |
|
jetPACK-2.2.2.3-Exchange2013-HIgh-Resource | This jetPACK will add one unique IP address and several virtual services on different ports. flightPATH will then context switch based on the destination path to the correct Virtual Service. This requires the most amount of CPU to carry out the context switching |
Global settings: Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB and ADS Virtual Service IP: 2.2.2.3 Virtual Service Ports: 80, 443, 1, 2, 3, 4, 5, 6, 7 Real Servers: 127.1.1.1. 127.2.2.2 flightPATH: Adds redirect from http to https |
Microsoft Lync 2010/2013
Reverse Proxy |
Front End |
Edge Internal |
Edge External |
Web Services
Normal HTTP |
SSL Offload |
SSL Re-Encryption |
SSL Passthrough |
Microsoft Remote Desktop
DICOM – Digital Imaging and Communications in Medicine
Oracle – E-Business Suite
SSL Offload |
|
|
VMware Horizon View
Connection Servers – SSL Offload |
Security Servers – SSL Re-Encryption |
Global Settings
- GUI Secure Port 443 – this jetPACK will change you secure GUI port from 27376 to 443. https://x.x.x.x
- GUI Timeout 1 day – the GUI will request you to input your password every 20 minutes. This will increase that request to 1 day
- ARP Refresh 10 – during a failover between HA appliances this will increase the number of Gratuitous ARP’s to assist the switches during the transition
- Capture Size 16MB – the default capture size is 2MB. This will increase the size to a maximum of 16MB
- TCP Timeout – 2hrs – this will change the default global TCP timeout to 2 hours
Cipher Options
- Strong Ciphers – This will add the
ability to choose “Strong Ciphers” from the Cipher options list: - Cipher
= ALL:RC4+RSA:+RC4:+HIGH:!DES-CBC3-SHA:!SSLv2:!ADH:!EXP:!ADHexport:!MD5 - Anti-Beast – This will add the ability to choose “Anti Beast” from the Cipher
Options list:. - Cipher =
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH - No SSLv3 – This will add the ability to choose “No SSLv3” from the Cipher Options list:
- Cipher = ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4
- No SSLv3 no TLSv1 No RC4 – This will add the ability to choose “No-TLSv1 No-SSLv3 No-RC4” from the Cipher Options list:
- Cipher = ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4
Apply a jetPACK
You can apply any jetPACK in any order but be careful not to apply
a jetPACK with the same Virtual IP address. This will cause a duplicate
IP address in the configuration. If you do this by mistake you can
change this in the GUI.
Navigate to Advanced–>Update
Software
- Configuration Section
- Upload New Configuration or jetPACK
- Browse for jetPACK
- Click Upload
- Once the browser screen turns white please click refresh
and wait for the Dashboard page to appear
Create a jetPACK
One
of the great things about jetPACKs is that you can create your own. It
may be that you have created the perfect config for an application and
want to blast this to several other boxes independently.
- Start by copying the current configuration from your
existing ALB-X - Advanced
- Update Software
- Click the green Download Current Configuration button to download the ALB-X.conf file
- Edit this file with Notepad++
- Open up a new txt document and call it “yourname-jetPACK1.txt”
- Copy all the relevant sections from the config file to “yourname-jetPACK1.txt”
- Save once complete
IMPORTANT: Each jetPACK is split into different sections but all jetPACKs must have #!jetpack at the top of the page.
The sections that are recommended for editing/copying are listed
below.
Section 0:
#!jetpack
This needs to be at the top of the jetPACK or your current
configuration will be over written.
Section1:
[jetnexusdaemon]
This
section contains global settings that once changed will apply to all
services. Some of these settings can be changed from the
web
console but others are only available here.
Examples:
is the tcp timeout value in milliseconds. This particular setting means
that a tcp connection will be closed after 10 minutes of
inactivity
milliseconds between content server health checks for custom monitors
such as DICOM
of the cookie header used in persistent load balancing from the default
“jnAccel” to “MS-WSMAN”. This particular change is needed for Lync
2010/2013 reverse proxy.
Section 2:
[jetnexusdaemon-Csm-Rules]
This section contains the custom server monitoring rules that are
normally configured from the web console here.
Example:
Content=”Server Up”
Desc=”Monitor 1″
Method=”CheckResponse”
Name=”Health Check- Is Server Up”
Url=”http://demo.jetneus.com/healthcheck/healthcheck.html”
Section 3:
[jetnexusdaemon-LocalInterface]
This section contains all of the details in the IP Services section. Each
interface is numbered and contains subinterfaces for each channel. If
your channel has a flightPATH rule applied then it will also contain a
Path section too.
Example:
1.1=”443″
1.2=”104″
1.3=”80″
1.4=”81″
Enabled=1
Netmask=”255.255.255.0″
PrimaryV2=”{A28B2C99-1FFC-4A7C-AAD9-A55C32A9E913}”
[jetnexusdaemon-LocalInterface1.1]
1=”>,””Secure Group””,2000,”
2=”192.168.101.11:80,Y,””IIS WWW Server 1″””
3=”192.168.101.12:80,Y,””IIS WWW Server 2″””
AddressResolution=0
CachePort=0
CertificateName=”default”
ClientCertificateName=”No SSL”
Compress=1
ConnectionLimiting=0
DSR=0
DSRProto=”tcp”
Enabled=1
LoadBalancePolicy=”CookieBased”
MaxConnections=10000
MonitoringPolicy=”1″
PassThrough=0
Protocol=”Accelerate HTTP”
ServiceDesc=”Secure Servers VIP”
SNAT=0
SSL=1
SSLClient=0
SSLInternalPort=27400
[jetnexusdaemon-LocalInterface1.1-Path]
1=”6″
Section 4:
[jetnexusdaemon-Path]
This section contains all of the flightPATH rules. It is important that the numbers match what has been applied to
the interface. In the example above we see that flightPATH rule “6” has
been applied to the channel so we will include this as an example
below.
Example:
Desc=”Force to use HTTPS for certain directory”
Name=”Gary – Force HTTPS”
[jetnexusdaemon-Path-6-Condition-1]
Check=”contain”
Condition=”path”
Match=
Sense=”does”
Value=”/secure/”
[jetnexusdaemon-Path-6-Evaluate-1]
Detail=
Source=”host”
Value=
Variable=”$host$”
[jetnexusdaemon-Path-6-Function-1]
Action=”redirect”
Target=”https://$host$$path$$querystring$”
Value=