jetPACK

jetPACKs are a unique method of instantly configuring your edgeNEXUS Accelerating
Load Balancer for specific applications. These easy-to-use templates
come pre-configured and fully-tuned with all of the
application-specific settings that you need in order to enjoy optimised
service delivery from your Load Balancer. . Some of the jetPACKs use flightPATH
to manipulate the traffic, you must have a flightPATH license for this
particular element to work. To find out if you have a license for
flightPATH please refer to the Licence page.
This page is split in to the following sections

• Download a jetPACK

• Microsoft Exchange

• Microsoft Lync

• Web Services

• Microsoft Remote Desktop

• DICOM – Digital Imaging and Communications in Medicine

• Oracle E-Business Suite

• VMware – Horizon View

• Global Settings

• Cipher Options

• flightPATHs

• Apply a jetPACK

• Create a jetPACK

Download a jetPACK

Each jetPACK below has been created with a unique Virtual IP
address that is contained in the title of the jetPACK. For example the
first jetPACK below has a Virtual IP Address of 1.1.1.1. You can either
upload this jetPACK as is and change the IP address in the GUI or edit
the jetPACK with a text editor such as Notepad++ and search and
replace 1.1.1.1 with your own Virtual IP address. In addition each
jetPACK has been created with 2 real servers which have the IP address
of 127.1.1.1 and 127.2.2.2. Again you can change these in the GUI after
upload or beforehand using Notepad++

Right click on a jetPACK link below and Save Link as… a jetPACK-VIP-Application.txt file in your chosen location

Microsoft Exchange

What does it do?

What’s included?

Exchange 2010

jetPACK-1.1.1.1-Exchange-2010This jetPACK will add the basic settings to load balance Microsoft Exchange 2010.
There is a flightPATH rule included to redirect traffic on the http
service to https but it there as an option. If you don’t have a licence
for flightPATH this jetPACK will still work.
Global settings: Service timeout 2 hours
Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service
Virtual Service IP: 1.1.1.1
Virtual Service Ports: 80, 443, 135, 59534, 59535
Real Servers: 127.1.1.1. 127.2.2.2
flightPATH: Adds redirect from http to https

jetPACK-1.1.1.2-Exchange-2010-SMTP-RPSame
as above but it will add an SMTP service on port 25 in reverse proxy
connectivity. The SMTP server will see the ALB-X interface address as
the source IP.
Global settings: Service timeout 2 hours

Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service

Virtual Service IP: 1.1.1.1

Virtual Service Ports: 80, 443, 135, 59534, 59535, 25 (reverse proxy)

Real Servers: 127.1.1.1. 127.2.2.2

flightPATH: Adds redirect from http to https
jetPACK-1.1.1.3-Exchange-2010-SMTP-DSRSame
as above except this jetPACK will configure the SMTP service to
use Direct Server Return connectivity. This is needed if your SMTP
server needs to see the real ip address of the client.
Global settings: Service timeout 2 hours

Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service

Virtual Service IP: 1.1.1.1

Virtual Service Ports: 80, 443, 135, 59534, 59535, 25 (direct server return)

Real Servers: 127.1.1.1. 127.2.2.2

flightPATH: Adds redirect from http to https

Exchange 2013

jetPACK-2.2.2.1-Exchange-2013-Low-ResourceThe setup add 1 VIP and two services for both HTTP and HTTPS traffic and requires the least amount of CPU
Global settings:

Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB and ADS

Virtual Service IP: 2.2.2.1

Virtual Service Ports: 80, 443

Real Servers: 127.1.1.1. 127.2.2.2

flightPATH: Adds redirect from http to https
jetPACK-2.2.3.1-Exchange-2013-Med-ResourceThis
setup uses a unique IP address for each service and therefore uses more
resource than above. You must configure each service as a unique DNS
entry
Example owa.jetnexus.com, ews.jetnexus.com etc. A monitor for each service will be added and applied to the relevant service
Global settings:

Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB and ADS

Virtual Service IP: 2.2.3.1, 2.2.3.2, 2.2.3.3, 2.2.3.4, 2.2.3.5, 2.2.3.6, 2.2.3.7

Virtual Service Ports: 80, 443

Real Servers: 127.1.1.1. 127.2.2.2

flightPATH: Adds redirect from http to https
jetPACK-2.2.2.3-Exchange2013-HIgh-ResourceThis
jetPACK will add one unique IP address and several virtual services on
different ports. flightPATH will then context switch based on the
destination path to the correct Virtual Service. This requires the most
amount of CPU to carry out the context switching
Global settings:

Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB and ADS

Virtual Service IP: 2.2.2.3

Virtual Service Ports: 80, 443, 1, 2, 3, 4, 5, 6, 7

Real Servers: 127.1.1.1. 127.2.2.2

flightPATH: Adds redirect from http to https

Microsoft Lync 2010/2013

Web Services

Microsoft Remote Desktop

DICOM – Digital Imaging and Communications in Medicine

Oracle – E-Business Suite

4.4.4.1

VMware Horizon View

Global Settings

• GUI Secure Port 443 – this jetPACK will change you secure GUI port from 27376 to 443. https://x.x.x.x
• GUI Timeout 1 day – the GUI will request you to input your password every 20 minutes. This will increase that request to 1 day
• ARP Refresh 10 – during a failover between HA appliances this will increase the number of Gratuitous ARP’s to assist the switches during the transition
• Capture Size 16MB – the default capture size is 2MB. This will increase the size to a maximum of 16MB

Cipher Options

The Ciphers listed these jetPACKs are the OpenSSL equivalent names which can be found here

• Strong Ciphers – This will add the
  ability to choose “Strong Ciphers” from the Cipher options list:
  •  Cipher
    = ALL:RC4+RSA:+RC4:+HIGH:!DES-CBC3-SHA:!SSLv2:!ADH:!EXP:!ADHexport:!MD5
• Anti-Beast
  – This will add the ability to choose “Anti Beast” from the Cipher
  Options list:.
  • Cipher =
    ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
• No SSLv3 – This will add the ability to choose “No SSLv3” from the Cipher Options list:
  • Cipher =  ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4
• No SSLv3 no TLSv1 No RC4 – This will add the ability to choose “No-TLSv1 No-SSLv3 No-RC4” from the Cipher Options list:
  • Cipher =  ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4

flightPATHs

• X-Content-Type-Options – add this header if it doesn’t exist and set it to “nosniff” –  prevents the browser from automatically “MIME-Sniffing”.
• X-Frame-Options
  – add this header if it doesn’t exist and set it to “SAMEORIGIN” –
  pages on your website can be included in Frames, but only on other
  pages within the same website.
• X-XSS-Protection – add this header if it doesn’t exist and set it to “1; mode=block” – enable browser cross site scripting protections
• Strict-Transport-Security
  – add header if it doesn’t exist and set it to “max-age=31536000 ;
  includeSubdomains” – ensures client should honor that all links should
  be https:// for the max-age

Apply a
jetPACK

You can apply any jetPACK in any order but be careful not to apply
a jetPACK with the same Virtual IP address. This will cause a duplicate
IP address in the configuration. If you do this by mistake you can
change this in the GUI.

Navigate to Advanced–>Update
Software

• Configuration Section
• Upload New Configuration or jetPACK
• Browse for jetPACK
• Click Upload
• Once the browser screen turns white please click refresh
  and wait for the Dashboard page to appear

Create a
jetPACK

One
of the great things about jetPACKs is that you can create your own. It
may be that you have created the perfect config for an application and
want to blast this to several other boxes independently.

• Start by copying the current configuration from your
  existing ALB-X
  • Advanced
  • Update Software
  • Download Current Configuration
  • Click Hear to download the ALB-X.conf file
• Edit this file with Notepad++
• Open up a new txt document and call it “yourname-jetPACK1.txt”
• Copy all the relevant sections from the config file to “yourname-jetPACK1.txt”
• Save once complete

IMPORTANT: Each jetPACK is split into different sections but all jetPACKs must
have #!jetpack at the top of the page.

The sections that are recommended for editing/copying are listed
below.

Section 0:

#!jetpack

This needs to be at the top of the jetPACK or your current
configuration will be over written.

Section1:

[jetnexusdaemon]

This
section contains global settings that once changed will apply to all
services. Some of these settings can be changed from the
web
console but others are only available here.

Examples: