Go to URL for the Big IP load balancer login page and log in.
https://ls-f5.siroe.com
Log in using the following information:
username
password
Request an SSL Certificate for Load Balancer 11.
Log in to the BIG-IP load balancer.
Click Proxies in the left pane.
Click the Cert Admin tab, and then click the “Generate New Key Pair/ Certificate Request” button.
In the Create Certificate Request page, provide the following information:
LoadBalancer-11.siroe.com
siroe.com
LoadBalancer-11.siroe.com
jdoe@siroe.com
Click the Generate Request button.
In the Generate Request page, copy the request that looks similar to this:
-----BEGIN CERTIFICATE REQUEST----- UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAU AMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0 EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UEC xMlU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9u IEF1dGhvcml0eTAeFw0wMTA4MDIwMDAwMDBaFw0 wMzA4MDIyMzU5NTlaMIGQMQswCQYDVQQGEwJVUz ERMA8GA1UECBMIVmlyZ2luaWExETAPBgNVBAcUC FJpY2htb25kMSAwHgYDVQQKFBdDYXZhbGllciBU ZWxlcGhvYm9uZGluZy5jYXZ0ZWwuY29tMIGfMA0 GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8x/1dxo 2YnblilQLmpiEziOqb7ArVfI1ymXo/MKcbKjnY2 -----END CERTIFICATE REQUEST----- |
Paste this text into a request form provided by a root certificate authority (CA) such as Verisign or Thwarte.
See the certificate authority website such as http://www.verisign.com/ or http://www.thawte.com/ for detailed instructions on submitting a certificate request.
After you receive the certificate from the issuer, install the SSL Certificate.
In the BIG-IP load balancer console, click the Cert Admin tab.
On the Cert Admin tab, click Install Certificate.
In the Install SSL Certificate page, paste the certificate text you received from the certificate issuer. Example:
-----BEGIN CERTIFICATE REQUEST----- UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAU AMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0 EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UEC xMlU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9u IEF1dGhvcml0eTAeFw0wMTA4MDIwMDAwMDBaFw0 wMzA4MDIyMzU5NTlaMIGQMQswCQYDVQQGEwJVUz ERMA8GA1UECBMIVmlyZ2luaWExETAPBgNVBAcUC FJpY2htb25kMSAwHgYDVQQKFBdDYXZhbGllciBU ZWxlcGhvYm9uZGluZy5jYXZ0ZWwuY29tMIGfMA0 GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8x/1dxo 2YnblilQLmpiEziOqb7ArVfI1ymXo/MKcbKjnY2 -----END CERTIFICATE REQUEST----- |
Click Install Certificate.
Create a Pool.
A pool contains all the backend server instances.
Open the Configuration Utility.
Click “Configure your BIG-IP (R) using the Configuration Utility.”
In the left pane, click Pools.
On the Pools tab, click the Add button.
In the Add Pool dialog, provide the following information:
federation_web_agents
Round Robin
192.18.72.151:2080 (for Protected Resource 3)
192.18.72.152:2080 (for Protected Resource 4)
Click Done.
Configure the load balancer for simple persistence.
Add a Virtual Server.
If you encounter Javascript errors or otherwise cannot proceed to create a virtual server, try using Microsoft Internet Explorer for this step.
In the left frame, Click Virtual Servers.
On the Virtual Servers tab, click the Add button.
In the Add Virtual Server dialog box, provide the following information:
192.18.69.14 (for LoadBalancer-11.siroe.com )
5080
Click Next.
Continue to click Next until you reach the Select Physical Resources dialog box.
federation_web_agents
In the Pool Selection dialog box, assign the Pool (federation_web_agents) that you have just created.
Click the Done button.
Create proxies.
In the left frame, click Proxies.
On the Proxies tab, click Add.
In the Add Proxy page, provide the following information:
Mark the SSL checkbox.
192.18.69.14
6443
192.18.69.14
5080
LoadBalancer-11.siroe.com
LoadBalancer-11.siroe.com
LoadBalancer-11.siroe.com
LoadBalancer-11.siroe.com
Click Done.
Add Monitors.
Click the Monitors tab, and then click the Add button.
In the Add Monitor dialog provide the following information:
WebAgent-http
Choose http.
Click Next.
In the Configure Basic Properties page, click Next.
In the Configure ECV HTTP Monitor, in the Send String field, enter the following:
GET /launch.html
Click Next.
In the Destination Address and Service (Alias) page, click Done.
On the Monitors tab, the monitor you just added is now contained in the list of monitors.
Click the Basic Associations tab.
Look for the IP addresses for ProtectedResource-3:2080 and ProtectedResourece-4:1080.
Mark the Add checkbox for ProtectedResource-3 and ProtectedResource-4.
At the top of the Node column, choose the monitor that you just added, WebAgent-http.
Click Apply.