In this deployment example, Secure Socket Layer (SSL) termination at Load Balancer 3 increases the performance at the server level, and simplifies SSL certificate management. Clients will access Load Balancer 3 using SSL-encrypted data. Load Balancer 3 decrypts the data and then sends the unencrypted data on to the Access Manager server. The Access Manager server or Authentication UI server does not have to perform decryption, and the burden on its processor is relieved. Load Balancer 3 then load-balances the decrypted traffic to the appropriate Access Manager server. Finally, Load Balancer 3 encrypts the responses from server, and sends encrypted responses to the client.
Load Balancer 3 sends the user and agent requests to the server where the session originated. SSL is terminated at Load Balancer 3 before a request is forwarded to the Access Manager Servers. Otherwise the load balancer cannot inspect the traffic for proper routing.
In this deployment example, you set up a proxy server using BIG-IPTM hardware and software.
Configure the new proxy service.
Log in to the BIG-IP load balancer using the following information:
Click the link “Configure your BIG-IP using the Configuration Utility.”
In the load balancer console, in the left pane, click Proxies.
On the Proxies tab, click Add.
In the Add Proxy dialog, provide the following information:
Check the SSL checkbox.
xxx.xx.69.14 (The IP address of Load Balancer 3, the Access Manager server load balancer.)
9443 (The port number of the new proxy you are setting up.)
Choose Local Virtual Server.
Check this checkbox.
In the Rewrite Redirects field, choose Matching.
The new proxy server is now added to the Proxy Server list.
Verify that you can access the Access Manager server using the new proxy server port number.
Open a browser, and go to the following URL:
A message may be displayed indicating that the Access Manager server doesn't recognize the certificate issuer. When this happens, install the root Certificate Authority certificate in the browser so that the browser recognizes the certificate issuer. See your browser's online help system for information on installing a root CA certificate.
Log out of Access Manager, and close the browser.