Deploying F5 with Microsoft Windows Server 2008

9 downloads 7086 Views 592KB Size Report
Synchronizing the BIG-IP configuration if using a redundant system . ... Deploying the BIG-IP LTM and Microsoft Windows Server 2008 Terminal Services. Prerequisites ..... Express, see http://www.f5.com/pdf/white-papers/tcpexpress-wp. pdf.
DEPLOYMENT GUIDE

DEPLOYING F5 WITH MICROSOFT WINDOWS SERVER 2008 Important: This guide has been archived. While the content in this guide is still valid for the products and versions listed in the document, it is no longer being updated and may refer to F5 or third party products or versions that have reached end-of-life or end-of-support. For a list of current guides, see https://f5.com/solutions/deployment-guides.

Table of Contents

Table of Contents Deploying F5 with Microsoft Windows Server 2008 Prerequisites and configuration notes ..............................................................................1-1

Deploying F5 with Microsoft IIS 7.0 Prerequisites and configuration notes ..............................................................................1-2 Configuration example .........................................................................................................1-3 Configuring the BIG-IP LTM system for IIS 7.0 ..........................................................1-4 Creating the HTTP health monitor ...................................................................................1-4 Creating the pool ...................................................................................................................1-5 Creating profiles .....................................................................................................................1-7 Creating the virtual server ............................................................................................... 1-11 Configuring the BIG-IP LTM to offload SSL from IIS 7.0 .................................... 1-14 Using SSL certificates and keys ........................................................................................ 1-14 Creating a Client SSL profile ............................................................................................ 1-15 Creating the Redirect iRule .............................................................................................. 1-15 Modifying the HTTP virtual server ................................................................................. 1-16 Creating the HTTPS virtual server ................................................................................. 1-17 Synchronizing the BIG-IP configuration if using a redundant system ............................... 1-18 Appendix A: Configuring the F5 WebAccelerator with Microsoft IIS 7.0 .. 1-19 Prerequisites and configuration notes ........................................................................... 1-19 Configuration example ...................................................................................................... 1-19 Configuring the WebAccelerator module .................................................................... 1-20 Connecting to the BIG-IP LTM device ........................................................................... 1-20 Creating an HTTP Class profile ...................................................................................... 1-20 Modifying the Virtual Server to use the Class profile ................................................ 1-22 Creating an Application ..................................................................................................... 1-23

Deploying the BIG-IP LTM and Microsoft Windows Server 2008 Terminal Services Prerequisites and configuration notes ..............................................................................2-1 Configuration example .........................................................................................................2-3 Configuring the BIG-IP LTM with Windows Server 2008 Terminal Services, including RemoteApp ..........................................................................................2-5 Connecting to the BIG-IP LTM device ..............................................................................2-5 Creating the TCP health monitor ......................................................................................2-6 Creating the pool ...................................................................................................................2-7 Creating profiles .....................................................................................................................2-9 Creating the virtual server ............................................................................................... 2-11 Deploying the BIG-IP LTM for internal users of Windows Terminal services .... 2-13 Configuring the BIG-IP LTM system for deployment with the Gateway server role .............................................................................................................. 2-14 Prerequisites and configuration notes ........................................................................... 2-14 Connecting to the BIG-IP LTM device ........................................................................... 2-15 Importing keys and certificates ........................................................................................ 2-16 Creating the HTTP health monitor ................................................................................ 2-16 Creating the pool ................................................................................................................ 2-17 Creating the iRule ............................................................................................................... 2-19 Creating profiles .................................................................................................................. 2-19 Creating the virtual server ............................................................................................... 2-23 Configuring the BIG-IP LTM system with the Web Access server role ...... 2-24 Importing keys and certificates ........................................................................................ 2-24 Creating the HTTP health monitor ................................................................................ 2-24 Creating the pool ................................................................................................................ 2-25 F5 Deployment Guide

i

Table of Contents

Creating profiles .................................................................................................................. 2-26 Creating the virtual server ............................................................................................... 2-29 Synchronizing the BIG-IP configuration if using a redundant system ...................... 2-31 Appendix A: Backing up and restoring the BIG-IP LTM system configuration .............. 2-32 Backing up and restoring the BIG-IP LTM configuration ........................................... 2-32

Deploying the BIG-IP LTM with Microsoft Secure Socket Tunneling Protocol Prerequisites and configuration notes ..............................................................................3-1 Configuration example .........................................................................................................3-2 Deploying the BIG-IP LTM in a basic configuration for SSTP .............................3-3 Creating the HTTP health monitor ...................................................................................3-4 Creating the pool ...................................................................................................................3-5 Using SSL certificates and keys ...........................................................................................3-7 Creating profiles .....................................................................................................................3-7 Creating the virtual server ............................................................................................... 3-11 Deploying the BIG-IP LTM in an advanced configuration for SSTP .............. 3-14 Creating the health monitor ............................................................................................ 3-14 Creating the pool ................................................................................................................ 3-14 Using SSL certificates and keys ........................................................................................ 3-14 Creating the profiles .......................................................................................................... 3-14 Creating the iRule ............................................................................................................... 3-15 Creating the virtual server ............................................................................................... 3-16 Synchronizing the BIG-IP configuration if using a redundant system ............................... 3-18

ii

1 Deploying F5 with Microsoft Windows Server 2008

• Deploying F5 with Microsoft Windows Server 2008 • Configuring the BIG-IP LTM system for IIS 7.0 • Configuring the BIG-IP LTM to offload SSL from IIS 7.0

This guide has been archived. For a list of current guides, see https://f5.com/solutions/deployment-guides

Deploying F5 with Microsoft Windows Server 2008 Welcome to the F5 Deployment Guide for Microsoft Windows Server 2008. This guide gives you step-by-step configuration procedures for deploying F5 products with Windows Server 2008, specifically the Terminal Services and Internet Information Services components. According to Microsoft, Microsoft Windows Server 2008 is the most advanced Windows Server operating system yet, designed to power the next-generation of networks, applications, and Web services. With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a secure network infrastructure, and increase technological efficiency and value within your organization. For more information on Microsoft Windows Server 2008, see http://www.microsoft.com/windowsserver2008/default.mspx For more information on F5 products, see http://www.f5.com/products/. This Deployment Guide is broken into the following sections: • Deploying F5 with Microsoft IIS 7.0, on page 1-2. Includes configuration for the BIG-IP LTM and WebAccelerator • Deploying the BIG-IP LTM system and Microsoft Windows Server 2008 Terminal Services, on page 2-1. Includes configuration for BIG-IP LTM and Windows Server 2008 Terminal Services, including Terminal Server, Session Broker, Gateway Server, and Web Access Server.

Prerequisites and configuration notes The following are general prerequisites and configuration notes for deploying F5 with Windows Server 2008. Each section contains specific prerequisites.

1-1



For this Deployment Guide, the BIG-IP LTM system must be running version 9.0 or later. We strongly running version 9.4 or later. Some of the examples in this guide use profiles introduced in version 9.4. To use these profiles you must either be running LTM version 9.4, or refer to the Configuration Guide for BIG-IP Local Traffic Management for version 9.4 (available on AskF5), which shows the configuration differences between the base profiles and the optimized profile types.



We assume that the BIG-IP LTM device is already installed in the network, and objects like Self IPs and VLANs have already been created. For more information on configuring these objects, see the BIG-IP LTM manuals.

Deploying F5 with Microsoft Windows Server 2008

Deploying F5 with Microsoft IIS 7.0 F5's BIG-IP system can increase the existing benefits of deploying Microsoft's Internet Information Services (IIS) to provide enterprises, managed service providers, and e-businesses an easy-to-use solution for deploying, managing and securing global and local area traffic. The BIG-IP Local Traffic Manager (LTM), combined with the WebAccelerator module, provides a number of ways to accelerate, optimize, and scale Microsoft IIS deployments. When BIG-IP LTM relieves IIS 7.0 servers from tasks such as compression, caching, and SSL processing, each server is able to devote more resources to running applications and can service more user requests. For WebAccelerator configuration, see Appendix A: Configuring the F5 WebAccelerator module with Microsoft IIS 7.0, on page 1-19. The BIG-IP system's TCP Express feature set incorporates the latest TCP/IP technologies, including full IPv6 support, ensuring compatibility with Microsoft's next-generation TCP/IP stack. For more information on TCP Express, see http://www.f5.com/pdf/white-papers/tcpexpress-wp.pdf. For information on Microsoft’s updated TCP/IP stack, see http://technet.microsoft.com/en-us/network/bb545475.aspx.

Prerequisites and configuration notes All of the procedures in this Deployment Guide are performed on the BIG-IP system. The following are prerequisites for this solution:

F5 Deployment Guide



We recommend the latest version of Microsoft IIS. This Deployment Guide has been tested with IIS 7.0, which ships with Microsoft Windows Server 2008.



Again, the BIG-IP LTM system must be running version 9.0 or later. We strongly running version 9.4 or later. Some of the examples in this guide use profiles introduced in version 9.4. To use these profiles you must either be running LTM version 9.4, or refer to the Configuration Guide for BIG-IP Local Traffic Management for version 9.4 (available on AskF5), which shows the configuration differences between the base profiles and the optimized profile types.



If you are using the BIG-IP LTM system to offload SSL traffic from the IIS servers, you must already have obtained an SSL Certificate (but not necessarily installed it on the BIG-IP LTM system). For more information about offloading SSL traffic, see Configuring the BIG-IP LTM to offload SSL from IIS 7.0, on page 1-14.

1-2

Configuration example In this Deployment Guide, the BIG-IP system is optimally configured to optimize and direct traffic to IIS servers. Figure 1 shows a logical configuration example with a redundant pair of BIG-IP LTM devices running the WebAccelerator module, in front of a group of IIS servers.

Internet

Firewalls

BIG-IP Local Traffic Manager

WebAccelerator Available as a module on the BIG-IP LTM

Microsoft IIS 7.0 Servers

Figure 1 Logical configuration example

1-3

Deploying F5 with Microsoft Windows Server 2008

Configuring the BIG-IP LTM system for IIS 7.0 To configure the BIG-IP LTM system to load balance IIS servers, you need to complete the following tasks: • Creating the HTTP health monitor • Creating the pool • Creating profiles • Creating the virtual server • Configuring the BIG-IP LTM to offload SSL from IIS 7.0 (optional)

Creating the HTTP health monitor The first step is to set up health monitors for the IIS devices. This procedure is optional, but very strongly recommended. In our example, we create a simple HTTP health monitor. Although the monitor in the following example is quite simple, you can configure optional settings such as Send and Receive Strings to make the monitor much more specific.

To create a health monitor 1. On the Main tab, expand Local Traffic, and then click Monitors. 2. Click the Create button. The New Monitor screen opens. 3. In the Name box, type a name for the Monitor. In our example, we type iis-http-monitor. 4. From the Type list, select http. 5. In the Configuration section, in the Interval and Timeout boxes, type an Interval and Timeout. We recommend at least a 1:3 +1 ratio between the interval and the timeout (for example, the default setting has an interval of 5 and an timeout of 16). In our example, we use a Interval of 30 and a Timeout of 91 (see Figure 2).

F5 Deployment Guide

1-4

6. In the Send String and Receive Rule sections, you can add a Send String and Receive Rule specific to the device being checked.

Figure 2 Creating the HTTP Monitor

7. Click the Finished button. The new monitor is added to the Monitor list.

Creating the pool The first step is to define a load balancing pool for the IIS servers. A BIG-IP pool is a set of devices grouped together to receive traffic according to a load balancing method. This pool uses the monitor you just created.

To create the IIS pool 1. On the Main tab, expand Local Traffic, and then click Pools. The Pool screen opens. 2. In the upper right portion of the screen, click the Create button. The New Pool screen opens. 3. In the Name box, type a name for your pool. In our example, we use iis-http-pool.

1-5

Deploying F5 with Microsoft Windows Server 2008

4. In the Health Monitors section, select the name of the monitor you created in the Creating the HTTP health monitor section, and click the Add (