jetPACK
jetPACKs are a unique method of instantly configuring your edgeNEXUS Accelerating Load Balancer for specific applications. These easy-to-use templates
come pre-configured and fully-tuned with all of the application-specific settings that you need in order to enjoy optimised service delivery from your Load Balancer. . Some of the jetPACKs use flightPATH to manipulate the traffic, you must have a flightPATH license for this particular element to work. To find out if you have a license for flightPATH please refer to the Licence page.
This page is split in to the following sections
-
- FGlobal S
Download a jetPACK
Each jetPACK below has been created with a unique Virtual IP address that is contained in the title of the jetPACK. For example the first jetPACK below has a Virtual IP Address of 1.1.1.1
You can either upload this jetPACK as is and change the IP address in the GUI or edit the jetPACK with a text editor such as Notepad++ and search and replace 1.1.1.1 with your own Virtual IP address.
In addition each jetPACK has been created with 2 real servers which have the IP address of 127.1.1.1 and 127.2.2.2 Again you can change these in the GUI after upload or beforehand using Notepad++ Right click on a jetPACK link below and Save Link as… a jetPACK-VIP-Application.txt file in your chosen location
Microsoft Exchange
| Application | Download link | What does it do? | What’s included? |
|---|---|---|---|
| Exchange 2010 | jetPACK-1.1.1.1-Exchange-2010 | This jetPACK will add the basic settings to load balance Microsoft Exchange 2010.There is a flightPATH rule included to redirect traffic on the http service to https but it there as an option. If you don’t have a licence for flightPATH this jetPACK will still work. |
|
| jetPACK-1.1.1.2-Exchange-2010-SMTP-RP | Same as above but it will add an SMTP service on port 25 in reverse proxy connectivity. The SMTP server will see the ALB-X interface address as the source IP. |
|
|
| jetPACK-1.1.1.3-Exchange-2010-SMTP-DSR | Same as above except this jetPACK will configure the SMTP service to use Direct Server Return connectivity. This is needed if your SMTP server needs to see the real ip address of the client. |
|
|
| Exchange 2013 | jetPACK-2.2.2.1-Exchange-2013-Low-Resource | This setup adds 1 VIP and two services for both HTTP and HTTPS traffic and requires the least amount of CPU.
It is possible to add multiple healtchecks to the VIP in order to check each of the individual services is up |
|
| jetPACK-2.2.3.1-Exchange-2013-Med-Resource | This setup uses a unique IP address for each service and therefore uses more resource than above. You must configure each service as a unique DNS entry Example owa.jetnexus.com, ews.jetnexus.com etc. A monitor for each service will be added and applied to the relevant service |
|
|
| jetPACK-2.2.2.3-Exchange2013-HIgh-Resource | This jetPACK will add one unique IP address and several virtual services on different ports. flightPATH will then context switch based on the destination path to the correct Virtual Service. This requires the most amount of CPU to carry out the context switching |
|
Microsoft Lync 2010/2013
Reverse Proxy |
Front End |
Edge Internal |
Edge External |
Web Services
Normal HTTP |
SSL Offload |
SSL Re-Encryption |
SSL Passthrough |
Microsoft Remote Desktop
DICOM – Digital Imaging and Communications in Medicine
Oracle – E-Business Suite
SSL Offload |
|
VMware Horizon View
Connection Servers – SSL Offload |
Security Servers – SSL Re-Encryption |
Global Settings
- GUI Secure Port 443 – this jetPACK will change you secure GUI port from 27376 to 443. https://x.x.x.x
- GUI Timeout 1 day – the GUI will request you to input your password every 20 minutes. This will increase that request to 1 day
- ARP Refresh 10 – during a failover between HA appliances this will increase the number of Gratuitous ARP’s to assist the switches during the transition
- Capture Size 16MB – the default capture size is 2MB. This will increase the size to a maximum of 16MB
Cipher Options
- Strong Ciphers – This will add the ability to choose “Strong Ciphers” from the Cipher options list:
- Cipher
= ALL:RC4+RSA:+RC4:+HIGH:!DES-CBC3-SHA:!SSLv2:!ADH:!EXP:!ADHexport:!MD5
- Cipher
- Anti-Beast – This will add the ability to choose “Anti Beast” from the Cipher
Options list:- Cipher =
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
- Cipher =
- No SSLv3 – This will add the ability to choose “No SSLv3” from the Cipher Options list:
- Cipher = ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4
- No SSLv3 no TLSv1 No RC4 – This will add the ability to choose “No-TLSv1 No-SSLv3 No-RC4” from the Cipher Options list:
- Cipher = ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4
- NO_TLSv1.1 –This will add the ability to choose “NO_TLSv1.1” from the Cipher Options list:
Cipher= ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128: DH+AES:RSA+AESGCM:RSA+AES:HIGH:!3DES:!aNULL:!MD5:!DSS:!MD5:!aNULL:!EDH:!RC4
flightPATHs
- X-Content-Type-Options – add this header if it doesn’t exist and set it to “nosniff” – prevents the browser from automatically “MIME-Sniffing”.
- X-Frame-Options – add this header if it doesn’t exist and set it to “SAMEORIGIN” – pages on your website can be included in Frames, but only on other
pages within the same website. - X-XSS-Protection – add this header if it doesn’t exist and set it to “1; mode=block” – enable browser cross site scripting protections
- Strict-Transport-Security – add header if it doesn’t exist and set it to “max-age=31536000 ; includeSubdomains” – ensures client should honor that all links should be https:// for the max-age
Apply a jetPACK
You can apply any jetPACK in any order but be careful not to apply a jetPACK with the same Virtual IP address. This will cause a duplicate IP address in the configuration. If you do this by mistake you can change this in the GUI.
Navigate to Advanced–>Update
Software
- Configuration Section
- Upload New Configuration or jetPACK
- Browse for jetPACK
- Click Upload
- Once the browser screen turns white please click refresh and wait for the Dashboard page to appear
Create a jetPACK
One
of the great things about jetPACKs is that you can create your own. It may be that you have created the perfect config for an application and want to blast this to several other boxes independently.
- Start by copying the current configuration from your existing ALB-X
- Advanced
- Update Software
- Download Current Configuration
- Click Hear to download the ALB-X.conf file
- Edit this file with Notepad++
- Open up a new txt document and call it “yourname-jetPACK1.txt”
- Copy all the relevant sections from the config file to “yourname-jetPACK1.txt”
- Save once complete
IMPORTANT: Each jetPACK is split into different sections but all jetPACKs must have #!jetpack at the top of the page.
The sections that are recommended for editing/copying are listed below.
Section 0:
#!jetpack
This needs to be at the top of the jetPACK or your current configuration will be over written.
Section1:
[jetnexusdaemon]
This section contains global settings that once changed will apply to all services. Some of these settings can be changed from the web console but others are only available here.
Examples:
ConnectionTimeout=600000
jnCookieHeader=”MS-WSMAN”
Section 2:
[jetnexusdaemon-Csm-Rules]
This section contains the custom server monitoring rules that are normally configured from the web console here.
Example:
- [jetnexusdaemon-Csm-Rules-0]
- Content=”Server Up”
- Desc=”Monitor 1″
- Method=”CheckResponse”
- Name=”Health Check- Is Server Up”
- Url=”http://demo.jetneus.com/healthcheck/healthcheck.html”
Section 3:
[jetnexusdaemon-LocalInterface]
This section contains all of the details in the IP Services section. Each interface is numbered and contains subinterfaces for each channel. If your channel has a flightPATH rule applied then it will also contain a Path section too.
Example:
- [jetnexusdaemon-LocalInterface1]
- 1.1=”443″
- 1.2=”104″
- 1.3=”80″
- 1.4=”81″
- Enabled=1
- Netmask=”255.255.255.0″
- PrimaryV2=”{A28B2C99-1FFC-4A7C-AAD9-A55C32A9E913}”
- [jetnexusdaemon-LocalInterface1.1]
- 1=”>,””Secure Group””,2000,”
- 2=”192.168.101.11:80,Y,””IIS WWW Server 1″””
- 3=”192.168.101.12:80,Y,””IIS WWW Server 2″””
- AddressResolution=0
- CachePort=0
- CertificateName=”default”
- ClientCertificateName=”No SSL”
- Compress=1
- ConnectionLimiting=0
- DSR=0
- DSRProto=”tcp”
- Enabled=1
- LoadBalancePolicy=”CookieBased”
- MaxConnections=10000
- MonitoringPolicy=”1″
- PassThrough=0
- Protocol=”Accelerate HTTP”
- ServiceDesc=”Secure Servers VIP”
- SNAT=0
- SSL=1
- SSLClient=0
- SSLInternalPort=27400
- [jetnexusdaemon-LocalInterface1.1-Path]
- 1=”6″
Section 4:
[jetnexusdaemon-Path]
This section contains all of the flightPATH rules. It is important that the numbers match what has been applied to the interface. In the example above we see that flightPATH rule “6” has been applied to the channel so we will include this as an example below.
Example:
- [jetnexusdaemon-Path-6]
- Desc=”Force to use HTTPS for certain directory”
- Name=”Gary – Force HTTPS”
- [jetnexusdaemon-Path-6-Condition-1]
- Check=”contain”
- Condition=”path”
- Match=
- Sense=”does”
- Value=”/secure/”
- [jetnexusdaemon-Path-6-Evaluate-1]
- Detail=
- Source=”host”
- Value=
- Variable=”$host$”[jetnexusdaemon-Path-6-Function-1]
- Action=”redirect”
- Target=”https://$host$$path$$querystring$”
- Value=
Back to Top