Re: [load balancing] LB and SSL termination advice needed

From: Iztok Umek <iztok [izzat] si-con.com>
Date: Sun Nov 30 2008 - 12:01:25 EST

Steve,

As someone else mentioned, you will have to use 500 IP addresses. That
by itself is not a problem, however if you have all go to the same set
of servers (same pool) in many LBs you will still need to define 500
virtual servers or virtual IPs. Configure them individually etc. despite
the fact that they have the same config (past the SSL cert).

Zeus ZXTM has the ability to use one Virtual Server and one Pool (of
servers/nodes) so you only do the configuration once. Then all you need
to do is assign 500 traffic IPs and link them to their respective SSL
cert/key. So all the rest of the configuration is the same and if
changes are made you don't have to make them 500 times.

My 2 cents.

Steve Zohn wrote:
> Hello everyone,
>
> I am looking for advice and suggestions on a load balancer, a few weeks
> ago I asked about low end devices and received great and helpful
> feedback. We were leaning towards a couple of the Kemp boxes but our
> needs may be changing and I'm hoping someone can provide some more
> insight.
>
> Currently we host about 500 client websites which is actually 6
> physical servers running a single IIS website that responds to 500
> different client domains. In the past we have done very little with
> SSL, and what we do do runs under a single unified domain, all nice
> and easy to manage.
>
> Now, however, we are looking at a new feature that may require SSL for
> many, if not all of the 500 domains. I'm trying to find the most cost
> effective way to manage this. Here are my questions:
>
> As I understand it, each Cert will require a dedicated public IP (so we
> will need at least 500 IPs), is there any way around this? (wildcard
> certs will not work as these are not sub domains)
>
> I am thinking that I can do SSL termination on a load balancer or some other
> device so I only need one cert for each site instead of one for each
> server. The Kemp boxes have a limit of 255 certs per device, can anyone
> recommend devices that have a larger limit, tps and throughput which are
> normally provided as the measurement aren't that useful as these are
> mostly low traffic sites, but the number of sites is actually the
> limitation.
>
> Thanks for any suggestion or thoughts you may have.
>
>
> Steve
> _______________________________________________
> lb-l mailing list
> lb-l@vegan.net
> http://vegan.net/mailman/listinfo/lb-l
> Searchable Archive: http://vegan.net/lb/archive
> http://lbdigest.com Load Balancing Digest
> http://lbwiki.com Load Balancing Wiki
>
>

Received on Sat Jan 10 20:41:49 2009
