Deployment Example 1: Access Manager 7.1 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Create an SSL Proxy for SSL Termination on the Access Manager Load Balancer

Secure Sockets Layer (SSL) termination at Load Balancer 3 increases performance at the Access Manager level and simplifies SSL certificate management. Clients send SSL-encrypted data to Load Balancer 3, which decrypts the data and sends the unencrypted data to the appropriate Access Manager server. Because the Access Manager server receives unencrypted data from Load Balancer 3, it does not have to perform decryption, and the burden on its processor is relieved. Load Balancer 3 also encrypts responses from the Access Manager server and sends these encrypted responses back to the client. To this end, you create an SSL proxy, the gateway that decrypts HTTP requests and encrypts the replies.


Note –

SSL communication is terminated at Load Balancer 3 before a request is forwarded to the Access Manager servers.


Before You Begin

Before creating the SSL proxy, you should have a certificate issued by a recognized CA.

  1. Access https://is-f5.example.com, the BIG-IP load balancer login page, in a web browser.

  2. Log in with the following information.

    User name: username

    Password: password

  3. Click Configure your BIG-IP (R) using the Configuration Utility.

  4. In the left pane, click Proxies.

  5. Under the Proxies tab, click Add.

  6. In the Add Proxy dialog, provide the following information.

    Proxy Type: Check the SSL checkbox.

    Proxy Address: The IP address of Load Balancer 3.

    Proxy Service: 9443 (the secure port number)

    Destination Address: The IP address of Load Balancer 3.

    Destination Service: 7070 (the non-secure port number)

    Destination Target: Choose Local Virtual Server.

    SSL Certificate: Choose LoadBalancer-3.example.com.

    SSL Key: Choose LoadBalancer-3.example.com.

    Enable ARP: Check this checkbox.

  7. Click Next.

  8. In the Rewrite Redirects field, choose Matching.

  9. Click Done.

    The new proxy server is added to the Proxy Server list.

  10. Log out of the load balancer console.

  11. Access https://LoadBalancer-3.example.com:9443/index.html from a web browser.

    If the Web Server index page is displayed, you can access the Web Server using the new proxy server port number and the load balancer is configured properly.


    Tip –

    A message may be displayed indicating that the browser doesn't recognize the certificate issuer. If this happens, install the CA root certificate in the browser so that the browser recognizes the certificate issuer. See your browser's online help system for information on installing a root CA certificate.


  12. Close the browser.
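
The check in step 11 can also be run without a browser. The following Python script is an added example, not part of the original guide: it requests /index.html through the new proxy port and reviews the certificate the proxy presents. The host name and port 9443 come from the procedure; the function names, the 30-day warning threshold, and SAMPLE_CERT are assumptions made for illustration.

```python
import http.client
import ssl
import time

HOST, PORT = "LoadBalancer-3.example.com", 9443  # certificate name and Proxy Service port (step 6)
# Constructed sample in the shape returned by SSLSocket.getpeercert(); not real data.
SAMPLE_CERT = {"subjectAltName": (("DNS", "LoadBalancer-3.example.com"),),
               "notAfter": "Jan  1 00:00:00 2030 GMT"}

def cert_names(cert):
    """DNS names the certificate is valid for: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard covering only the left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[1:] == h[1:] and p[0] in ("*", h[0])

def review_cert(cert, host, now=None, warn_days=30):
    """Return findings (empty list = nothing to report) for the proxy's certificate."""
    now = time.time() if now is None else now
    names, findings = cert_names(cert), []
    if not any(name_matches(n, host) for n in names):
        findings.append("name mismatch: certificate is for " + ", ".join(names))
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        findings.append("expired %d days ago" % -days_left)
    elif days_left < warn_days:
        findings.append("expires in %d days" % days_left)
    return findings

def check_proxy(host=HOST, port=PORT, cafile=None):
    """Step 11 without a browser: returns (HTTP status or None, findings)."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and host name
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.connect()  # TLS handshake; raises if the certificate does not verify
        cert = conn.sock.getpeercert()
        conn.request("GET", "/index.html")
        return conn.getresponse().status, review_cert(cert, host)
    except ssl.SSLCertVerificationError as err:
        # The Tip's unrecognized-issuer case lands here; pass the CA root as cafile.
        return None, ["verification failed: " + err.verify_message]
    finally:
        conn.close()

if __name__ == "__main__":
    print(check_proxy())
```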