jetPACK

jetPACK

jetPACKs are a unique method of instantly configuring your edgeNEXUS Accelerating Load Balancer for specific applications. These easy-to-use templates
come pre-configured and fully-tuned with all of the application-specific settings that you need in order to enjoy optimised service delivery from your Load Balancer. . Some of the jetPACKs use flightPATH to manipulate the traffic, you must have a flightPATH license for this particular element to work. To find out if you have a license for flightPATH please refer to the Licence page.
This page is split in to the following sections

 

Download a jetPACK

Each jetPACK below has been created with a unique Virtual IP address that is contained in the title of the jetPACK. For example the first jetPACK below has a Virtual IP Address of 1.1.1.1

You can either upload this jetPACK as is and change the IP address in the GUI or edit the jetPACK with a text editor such as Notepad++ and search and replace 1.1.1.1 with your own Virtual IP address.

In addition each jetPACK has been created with 2 real servers which have the IP address of 127.1.1.1 and 127.2.2.2 Again you can change these in the GUI after upload or beforehand using Notepad++ Right click on a jetPACK link below and Save Link as… a jetPACK-VIP-Application.txt file in your chosen location

 

Microsoft Exchange

 

Application Download link What does it do? What’s included?
Exchange 2010 jetPACK-1.1.1.1-Exchange-2010 This jetPACK will add the basic settings to load balance Microsoft Exchange 2010.There is a flightPATH rule included to redirect traffic on the http service to https but it there as an option. If you don’t have a licence for flightPATH this jetPACK will still work.
  • Global settings: Service timeout 2 hours
  • Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service
  • Virtual Service IP: 1.1.1.1
  • Virtual Service Ports: 80, 443, 135, 59534, 59535
  • Real Servers: 127.1.1.1 127.2.2.2
  • flightPATH: Adds redirect from http to https
jetPACK-1.1.1.2-Exchange-2010-SMTP-RP Same as above but it will add an SMTP service on port 25 in reverse proxy connectivity. The SMTP server will see the ALB-X interface address as the source IP.
  • Global settings: Service timeout 2 hours
  • Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service
  • Virtual Service IP: 1.1.1.1
  • Virtual Service Ports: 80, 443, 135, 59534, 59535, 25 (reverse proxy)
  • Real Servers: 127.1.1.1 127.2.2.2
  • flightPATH: Adds redirect from http to https
jetPACK-1.1.1.3-Exchange-2010-SMTP-DSR Same as above except this jetPACK will configure the SMTP service to use Direct Server Return connectivity. This is needed if your SMTP server needs to see the real ip address of the client.
  • Global settings: Service timeout 2 hours
  • Monitors: Layer 7 monitor for outlook web app. Layer 4 out of band monitor for client access service
  • Virtual Service IP: 1.1.1.1
  • Virtual Service Ports: 80, 443, 135, 59534, 59535, 25 (direct server return)
  • Real Servers: 127.1.1.1 127.2.2.2
  • flightPATH: Adds redirect from http to https
Exchange 2013 jetPACK-2.2.2.1-Exchange-2013-Low-Resource This setup adds 1 VIP and two services for both HTTP and HTTPS traffic and requires the least amount of CPU.

It is possible to add multiple healtchecks to the VIP in order to check each of the individual services is up

  • Global settings:
  • Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB and ADS
  • Virtual Service IP: 2.2.2.1
  • Virtual Service Ports: 80, 443
  • Real Servers: 127.1.1.1 127.2.2.2
  • flightPATH: Adds redirect from http to https
jetPACK-2.2.3.1-Exchange-2013-Med-Resource This setup uses a unique IP address for each service and therefore uses more resource than above. You must configure each service as a unique DNS entry Example owa.jetnexus.com, ews.jetnexus.com etc. A monitor for each service will be added and applied to the relevant service
  • Global settings:
  • Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB,ADS, MAPI and Powershell
  • Virtual Service IP: 2.2.3.1, 2.2.3.2, 2.2.3.3, 2.2.3.4, 2.2.3.5, 2.2.3.6, 2.2.3.7, 2.2.3.8, 2.2.3.9, 2.2.3.10
  • Virtual Service Ports: 80, 443
  • Real Servers: 127.1.1.1 127.2.2.2
  • flightPATH: Adds redirect from http to https
jetPACK-2.2.2.3-Exchange2013-HIgh-Resource This jetPACK will add one unique IP address and several virtual services on different ports. flightPATH will then context switch based on the destination path to the correct Virtual Service. This requires the most amount of CPU to carry out the context switching
  • Global settings:
  • Monitors: Layer 7 monitor for OWA, EWS, OA, EAS, ECP, OAB, ADS, MAPI and Powershell
  • Virtual Service IP: 2.2.2.3
  • Virtual Service Ports: 80, 443, 1, 2, 3, 4, 5, 6, 7
  • Real Servers: 127.1.1.1 127.2.2.2
  • flightPATH: Adds redirect from http to https

 

 

Microsoft Lync 2010/2013

Reverse Proxy

Front End

Edge Internal

Edge External

 

 

Web Services

 

Normal HTTP

SSL Offload

SSL Re-Encryption

SSL Passthrough

 

Microsoft Remote Desktop

 

 

DICOM – Digital Imaging and Communications in Medicine

 

 

Oracle – E-Business Suite

 

 SSL Offload

 

VMware Horizon View

 

Connection Servers – SSL Offload

Security Servers – SSL Re-Encryption

 

Global Settings

 

  • GUI Secure Port 443 – this jetPACK will change you secure GUI port from 27376 to 443. https://x.x.x.x
  • GUI Timeout 1 day – the GUI will request you to input your password every 20 minutes. This will increase that request to 1 day
  • ARP Refresh 10 – during a failover between HA appliances this will increase the number of Gratuitous ARP’s to assist the switches during the transition
  • Capture Size 16MB – the default capture size is 2MB. This will increase the size to a maximum of 16MB

 

Cipher Options

 

  • Strong Ciphers – This will add the ability to choose “Strong Ciphers” from the Cipher options list:
    •  Cipher
      = ALL:RC4+RSA:+RC4:+HIGH:!DES-CBC3-SHA:!SSLv2:!ADH:!EXP:!ADHexport:!MD5
  • Anti-Beast – This will add the ability to choose “Anti Beast” from the Cipher
    Options list:

    • Cipher =
      ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
  • No SSLv3 – This will add the ability to choose “No SSLv3” from the Cipher Options list:
    • Cipher =  ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4
  • No SSLv3 no TLSv1 No RC4 – This will add the ability to choose “No-TLSv1 No-SSLv3 No-RC4” from the Cipher Options list:
    • Cipher =  ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4

 

flightPATHs

 

  • X-Content-Type-Options – add this header if it doesn’t exist and set it to “nosniff” –  prevents the browser from automatically “MIME-Sniffing”.
  • X-Frame-Options – add this header if it doesn’t exist and set it to “SAMEORIGIN” – pages on your website can be included in Frames, but only on other
    pages within the same website.
  • X-XSS-Protection – add this header if it doesn’t exist and set it to “1; mode=block” – enable browser cross site scripting protections
  • Strict-Transport-Security – add header if it doesn’t exist and set it to “max-age=31536000 ; includeSubdomains” – ensures client should honor that all links should be https:// for the max-age

 

 

Apply a jetPACK

You can apply any jetPACK in any order but be careful not to apply a jetPACK with the same Virtual IP address. This will cause a duplicate IP address in the configuration. If you do this by mistake you can change this in the GUI.

Navigate to Advanced–>Update
Software

  • Configuration Section
  • Upload New Configuration or jetPACK
  • Browse for jetPACK
  • Click Upload
  • Once the browser screen turns white please click refresh and wait for the Dashboard page to appear

 

Create a jetPACK

One
of the great things about jetPACKs is that you can create your own. It may be that you have created the perfect config for an application and want to blast this to several other boxes independently.

  • Start by copying the current configuration from your existing ALB-X
    • Advanced
    • Update Software
    • Download Current Configuration
    • Click Hear to download the ALB-X.conf file
  • Edit this file with Notepad++
  • Open up a new txt document and call it “yourname-jetPACK1.txt”
  • Copy all the relevant sections from the config file to “yourname-jetPACK1.txt”
  • Save once complete

IMPORTANT: Each jetPACK is split into different sections but all jetPACKs must have #!jetpack at the top of the page.

The sections that are recommended for editing/copying are listed below.

Section 0:

#!jetpack

This needs to be at the top of the jetPACK or your current configuration will be over written.

Section1:

[jetnexusdaemon]

This section contains global settings that once changed will apply to all services. Some of these settings can be changed from the web console but others are only available here.

Examples:

ConnectionTimeout=600000

This is the tcp timeout value in milliseconds. This particular setting means that a tcp connection will be closed after 10 minutes of inactivity
ContentServerCustomTimer=20000
This is delay in milliseconds between content server health checks for custom monitors such as DICOM

jnCookieHeader=”MS-WSMAN”

This will change the name of the cookie header used in persistent load balancing from the default “jnAccel” to “MS-WSMAN”. This particular change is needed for Lync 2010/2013 reverse proxy.

 

Section 2:

[jetnexusdaemon-Csm-Rules]

This section contains the custom server monitoring rules that are normally configured from the web console here.

Example:

  • [jetnexusdaemon-Csm-Rules-0]
  • Content=”Server Up”
  • Desc=”Monitor 1″
  • Method=”CheckResponse”
  • Name=”Health Check- Is Server Up”
  • Url=”http://demo.jetneus.com/healthcheck/healthcheck.html”

 

Section 3:

[jetnexusdaemon-LocalInterface]

This section contains all of the details in the IP Services section. Each interface is numbered and contains subinterfaces for each channel. If your channel has a flightPATH rule applied then it will also contain a Path section too.

Example:

  • [jetnexusdaemon-LocalInterface1]
  • 1.1=”443″
  • 1.2=”104″
  • 1.3=”80″
  • 1.4=”81″
  • Enabled=1
  • Netmask=”255.255.255.0″
  • PrimaryV2=”{A28B2C99-1FFC-4A7C-AAD9-A55C32A9E913}”
  • [jetnexusdaemon-LocalInterface1.1]
  • 1=”>,””Secure Group””,2000,”
  • 2=”192.168.101.11:80,Y,””IIS WWW Server 1″””
  • 3=”192.168.101.12:80,Y,””IIS WWW Server 2″””
  • AddressResolution=0
  • CachePort=0
  • CertificateName=”default”
  • ClientCertificateName=”No SSL”
  • Compress=1
  • ConnectionLimiting=0
  • DSR=0
  • DSRProto=”tcp”
  • Enabled=1
  • LoadBalancePolicy=”CookieBased”
  • MaxConnections=10000
  • MonitoringPolicy=”1″
  • PassThrough=0
  • Protocol=”Accelerate HTTP”
  • ServiceDesc=”Secure Servers VIP”
  • SNAT=0
  • SSL=1
  • SSLClient=0
  • SSLInternalPort=27400
  • [jetnexusdaemon-LocalInterface1.1-Path]
  • 1=”6″

Section 4:

[jetnexusdaemon-Path]

This section contains all of the flightPATH rules. It is important that the numbers match what has been applied to the interface. In the example above we see that flightPATH rule “6” has been applied to the channel so we will include this as an example below.

Example:

  • [jetnexusdaemon-Path-6]
  • Desc=”Force to use HTTPS for certain directory”
  • Name=”Gary – Force HTTPS”
  • [jetnexusdaemon-Path-6-Condition-1]
  • Check=”contain”
  • Condition=”path”
  • Match=
  • Sense=”does”
  • Value=”/secure/”
  • [jetnexusdaemon-Path-6-Evaluate-1]
  • Detail=
  • Source=”host”
  • Value=
  • Variable=”$host$”[jetnexusdaemon-Path-6-Function-1]
  • Action=”redirect”
  • Target=”https://$host$$path$$querystring$”
  • Value=

 

CONTACT US

We're not around right now. But you can send us an email and we'll get back to you, asap.

Sending

Log in with your credentials

or    

Forgot your details?