A10 AX Series Deployment Manual

For SharePoint 2010

Deployment Guide
AX Series for SharePoint 2010
DG_ACC_062011.1

Summary of Contents for A10 AX Series

  • Page 1 Deployment Guide AX Series for SharePoint 2010 DG_ACC_062011.1...
  • Page 2: Table Of Contents

      • Deployment Guide Overview, page 5
      • Deployment Guide Prerequisites, page 6
      • AX Deployment for SharePoint 2010 Server Roles, page 7
      • Accessing the AX Series Load Balancer, page 7
      • SharePoint 2010 Recommended Installation Procedures, page 8
      • Architecture Overview, page 9
      • Basic AX Configuration For SharePoint, page 10
      • Server Configuration ...
  • Page 3 AX Series for SharePoint 2010 Deployment Guide

      • 9.1.3 On the virtual server, change the service type of the virtual port from “TCP” to “HTTPS” and apply the new client and server SSL template, page 27
      • SSL Offload, page 29
      • 9.2.1 Change the Port Numbers in the Service Group ...
  • Page 4

      • 9.7.3 Apply AFLEX Script to VIP, page 45
      • 9.7.4 Validate AFLEX Service, page 46
      • Summary and Conclusion, page 47
      • Appendix, page 48
      • 11.1 AX Series CLI sample configurations, page 48
      • ...
  • Page 5: Introduction

    This document shows how an A10 Networks AX Series device can be deployed with Microsoft SharePoint 2010. The tested solution is based on an AX Series device load balancing two (2) SharePoint Web Front End (WFE) servers. The WFE servers will be referred to as web servers (WS) in the next chapters.
  • Page 6: Deployment Guide Prerequisites

    If the SharePoint servers are accessed from internal and external clients, the network topology has to be deployed in one-arm mode configuration. Note: For additional deployment modes that the AX Series device can support, please visit the following URL:...
  • Page 7: Ax Deployment For Sharepoint 2010 Server Roles

    Figure 1: SharePoint Server Role Matrix ACCESSING THE AX SERIES LOAD BALANCER This section describes how to access the AX Series device. The AX can be accessed either from a Command Line Interface (CLI) or Graphical User Interface (GUI): • ...
  • Page 8: Sharepoint 2010 Recommended Installation Procedures

    Note: For additional information on how to configure AAM refer to: http://technet.microsoft.com/en-us/library/cc263208(office.12).aspx 6. Test the SharePoint site to verify that it is accessible, and then deploy the AX Series device. Note: If you have an existing SharePoint 2010 Server already installed, you can skip the SharePoint 2010...
  • Page 9: Architecture Overview

    ARCHITECTURE OVERVIEW Figure 2: SharePoint 2010 Deployment Topology...
  • Page 10: Basic Ax Configuration For Sharepoint

    Basic SharePoint Configuration Figure 3: Basic SharePoint Configuration The simplest configuration uses the AX series device to load balance SharePoint traffic using a secured HTTPS connection. The WFE are the only servers that are load balanced by the AX. This is because Microsoft SharePoint 2010 has its own built-in redundancy and load balancing mechanism on the backend servers.
  • Page 11: Server Configuration

    SERVER CONFIGURATION This section demonstrates how to configure the SharePoint webservers in the AX Series. 1. Navigate to Config Mode > SLB > Server. 2. Click Add to add a new server. 3. Within the Server section, enter the following required information.
  • Page 12: Health Monitor Configuration

    7. Click OK and then click Save to store your configuration changes. HEALTH MONITOR CONFIGURATION The AX series automatically initiates the health status checks of real servers (ICMP) and service ports (TCP Health Check). This provides clients assurance that all requests go to functional and available servers.
  • Page 13: Service Group Configuration

    Figure 6: Health Monitor Configuration SERVICE GROUP CONFIGURATION This section demonstrates how to configure the SharePoint webservers in a service group. A service group contains a set of real servers from which the AX device can select to service client requests. A service group supports multiple SharePoint real servers as one logical server.
  • Page 14 Figure 7: Service Group Configuration 4. Navigate to Config Mode > Service > SLB > Service Group. 5. In the Server section of the window, add one or more servers from the server drop-down list: • ...
  • Page 15: Virtual Server Configuration

    VIRTUAL SERVER CONFIGURATION This section demonstrates how to configure the VIP with the AX Series. Adding the virtual server ports within the AX Series will generate a virtual service list based on the protocol type selected.
  • Page 16 Figure 10: Virtual Server Port Configuration Figure 11: Virtual Port Lists Figure 12: Virtual Services Overview 6. Click OK and then click Save to store your configuration changes.
  • Page 17: Source Ip Persistence

    SOURCE IP PERSISTENCE The AX series can support different modes of persistence, such as Cookie persistence, Destination IP persistence, Source IP persistence, and SSL session ID persistence. The purpose of persistence is to direct traffic from the same client to the same server.
  • Page 18: Apply Ip Persistence To The Vip

    Figure 14: Source IP Persistence Overview 6. Click OK and then click Save to store your configuration changes. 8.5.2 APPLY IP PERSISTENCE TO THE VIP To assign the template to the VIP: 1. Navigate to Config Mode > Service > SLB > Virtual Server Port.
  • Page 19: Create Ip Source Nat Template

    Figure 16: IP Source NAT and traffic flow overview 8.6.1 CREATE IP SOURCE NAT TEMPLATE 1. Navigate to Config Mode > Service > IP Source NAT. 2. Click Add. 3. Enter IP Source NAT Name: “SNAT”.
  • Page 20: Apply Ip Source Nat To The Vip

    Figure 17: IP Source NAT Configuration 7. Click OK and then click Save to store your configuration changes. Note: Apply the SNAT template to the Virtual Server Port. If the SharePoint environment will consist of many concurrent users, it is advisable to configure multiple SNAT IP addresses.
  • Page 21: Validate Service

    VALIDATE SERVICE To validate that the basic configuration is functioning correctly, do the following: 1. Navigate to Monitor Mode > Service > SLB > Virtual Server. 2. Check that the Status state is green: Figure 19: Virtual Server status 3.
  • Page 22: Advanced Ax Features For Sharepoint

    9.1.1 IMPORT EXISTING SHAREPOINT WEBSERVER SSL CERT OR CREATE SELF-SIGNED CA FROM THE AX There are two options when installing an SSL template from the AX Series: • Option 1: Generate a Self-Signed CA from the AX: Self-signed CA is generated from the AX Series.
  • Page 23 • Key Size (Bits): “2048” Note: The AX Series device can support 512, 1028, 2048, and 4096. The higher the bit size, the more CPU processing will be required from the AX. 5. Click OK and then click Save to store your configuration changes.
  • Page 24 Figure 21: Client SSL Certificate Creation...
  • Page 25 9.1.1.2 OPTION 2: IMPORT SSL CERTIFICATE AND KEY Before beginning this procedure, export your certificate and key from your IIS server on your PC. 1. Navigate to Config Mode > SSL Management > Certificate.
  • Page 26: Create One Client And One Server Ssl Template

    9.1.2 CREATE ONE CLIENT AND ONE SERVER SSL TEMPLATE 9.1.2.1 CREATE CLIENT SSL TEMPLATE This section describes how to configure a client SSL template and apply it to the VIP. 1. Navigate to Config Mode > Service > Template > SSL > Client SSL.
  • Page 27: On The Virtual Server, Change The Service Type Of The Virtual Port From "Tcp" To "Https" And Apply The New Client And Server Ssl Template

    9.1.2.2 CREATE SERVER SSL TEMPLATE This section describes how to configure a server SSL template and apply it to the VIP. 1. Navigate to Config Mode > Service > Template > SSL > Server SSL.
  • Page 28 Figure 25: Update Virtual Service type 5. Click OK and then click Save to store your configuration changes. 9.1.3.2 APPLY THE NEW CLIENT AND SERVER SSL TEMPLATE Once the Client and Server SSL template is completed, you must bind the Client and Server SSL to the HTTPS VIP (Port 443), as follows: 1.
  • Page 29: Ssl Offload

    6. Click OK and then click Save to store your configuration changes. SSL OFFLOAD SSL Offload acts as an acceleration feature by removing the burden of processing SSL traffic from the SharePoint web servers. Instead of having the SharePoint servers handle these transactions, the AX Series decrypts traffic and forwards the traffic to the SharePoint Server via (unsecured) HTTP.
  • Page 30: Change The Port Numbers In The Service Group

    9.2.1 CHANGE THE PORT NUMBERS IN THE SERVICE GROUP 1. Navigate to Config Mode > Service > SLB > Service Group. 2. Click the name of the service group created during basic configuration.
  • Page 31: Validate The Deployment

    Figure 30: Client only SSL Binding 5. Click OK and then click Save to store your configuration changes. 9.2.3 VALIDATE THE DEPLOYMENT To validate that SSL Offload is working, navigate to Monitor Mode > Service > Application > SSL.
  • Page 32: Compression

    COMPRESSION Compression is a bandwidth optimization feature that condenses the HTTP objects that are requested from a web server. The purpose of compression is to transmit the requested data more efficiently (less data transmitted) and provide faster response times to the client.
  • Page 33 Note: The AX device offers various compression levels, ranging from levels 1 to 9. Level 1 is the recommended compression setting. Figure 34: Compression Configuration Column 5. Click OK and then click Save to store your configuration changes.
  • Page 34: Apply Http Compression Template To Vip

    9.3.2 APPLY HTTP COMPRESSION TEMPLATE TO VIP To apply the compression template within the Virtual Server Port: 1. Navigate to Config Mode > SLB > Virtual Server. 2. Click on the Virtual Server name.
  • Page 35: Validate The Deployment

    9.3.3 VALIDATE THE DEPLOYMENT You can validate that the AX Series device is compressing the data by navigating to Monitor Mode > Service > Application > HTTP. Figure 36: Compression Statistics (Before and After) COOKIE PERSISTENCE Cookie persistence provides granularity in comparison to Source IP persistence.
  • Page 36: Apply Cookie Persistence Template To Vip

    Figure 37: Cookie Persistence Template 4. Click OK and then click Save to store your configuration changes. Once you have finished configuring the template, the template appears in the Cookie Persistence template list. 9.4.2 APPLY COOKIE PERSISTENCE TEMPLATE TO VIP To apply cookie persistence to the VIP: 1.
  • Page 37: Validating The Deployment

    Figure 39: Cookie Persistent Monitor CONNECTION REUSE (TCP OFFLOAD) The AX Series Connection Reuse feature reduces the overhead associated with TCP connection setup by establishing TCP connections with SharePoint web servers and then reusing those connections for multiple client requests. This reduces the total number of TCP connections to each SharePoint WFE server.
  • Page 38: Create Connection Reuse Template

    Figure 41: Connection Reuse Setup 9.5.1 CREATE CONNECTION REUSE TEMPLATE 1. Navigate to Config Mode > Template > Connection Reuse. 2. Click Add. 3. Enter the Name: “SharePoint Connection”. 4. Click OK and then click Save to store your configuration changes.
  • Page 39: Apply Connection Reuse And Snat To Vip

    9.5.3 APPLY CONNECTION REUSE AND SNAT TO VIP To apply connection reuse within the VIP: 1. Navigate to Config Mode > SLB > Virtual Server. 2. Click on the Virtual Server name. 3. Select “443” and click Edit.
  • Page 40: Validate The Deployment

    Figure 45. RAM CACHING Cacheable data is cached within the AX Series device, thus reducing overhead on each WFE server and increasing the capacity of the SharePoint servers. RAM caching reduces the number of connections and server requests that need to be processed.
  • Page 41: Create Ram Caching Template

    Note: The RAM caching policy option is not required unless you have specific data that requires caching, no caching or invalidate. These policy options can be configured in the policy form of the RAM Caching template. For additional information on RAM caching policy, please refer to the AX Series System Configuration and Administration Guide.
  • Page 42: Apply Ram Caching Template On Vip

    9.6.2 APPLY RAM CACHING TEMPLATE ON VIP To apply the RAM caching template within the Virtual Server Port: 1. Navigate to Config Mode > SLB > Virtual Server. 2. Click on the Virtual Server name.
  • Page 43: Securing Sharepoint Via Aflex

    SECURING SHAREPOINT VIA AFLEX This section of the deployment guide explains how to redirect SharePoint traffic that comes from HTTP to HTTPS using the AX aFleX scripts. aFleX is based on a standard scripting language, TCL, and it enables the load balancer to perform Layer 7 deep-packet inspection (DPI).
  • Page 44 Figure 51: aFleX Redirect Configuration Redirect Script Copy and Paste: when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] } The aFleX script must be bound to Virtual Server Port 80.
  • Page 45: Configure Vip With Http/Port 80

    9.7.2 CONFIGURE VIP WITH HTTP/PORT 80 1. Navigate to Config Mode > Service > SLB > Virtual Server. 2. “Select” VIP Name and click “edit”. 3. In the port section, click “Add”. 4. Select Type: “HTTP”...
  • Page 46: Validate Aflex Service

    9.7.4 VALIDATE AFLEX SERVICE To verify that the aFleX script is working, open a web browser and navigate to “http://example.com”. The browser will accept the URL request and the client URL address will change from “http://example.com” to “https://example.com”.
  • Page 47: Summary And Conclusion

    • Improve site performance and reliability to end users By using the AX Series Advanced Traffic Manager, significant benefits are achieved for all Microsoft SharePoint 2010 users. For more information about AX Series products, please refer to the following URLs: http://a10networks.com/products/axseries.php...
  • Page 48: Appendix

    11 APPENDIX 11.1 AX SERIES CLI SAMPLE CONFIGURATIONS: SharePoint Basic Configuration in “one-arm mode”: basicconfig-ax1#show run interfaces management enable hostname basicconfig-ax1 clock timezone Europe/Dublin interface management ip address 192.168.18.41 255.255.255.0 ip nat pool SNAT 172.16.1.250 172.16.1.250 netmask /24 health monitor "SharePoint HC"...
  • Page 49 name _172.16.1.200_TCP_443 source-nat pool SNAT service-group "SharePoint Servers" template persist source-ip "IP Persistence" SharePoint configuration with all advanced options in “one-arm mode” advconfig-ax2#show run interfaces management enable hostname advconfig-ax2 clock timezone Europe/Dublin interface management ip address 192.168.18.41 255.255.255.0...
  • Page 50 slb template connection-reuse "SharePoint Connection" slb template cache "SharePoint RAM Caching" max-content-size 4194303 min-content-size 10 slb template http HTTP Compression compression enable compression minimum-content-length 120 slb template client-ssl Client-SSL-WS cert WS key WS slb template persist cookie "SharePoint Cookie"...
