...
| Table of Contents |
|---|
Import SSL Cert
If you are securing your DualShield Servers va are SSL enabled then you will need to import your the DualShield's SSL certificates to the LoadMaster
Log into Kemp LoadMaster console and Navigate to "Certificate & Security> SSL Certificates" :
Click "Import Certificate" button on the top right.
Here you can import your private/public key, or upload a PFX file.
...
Once you Save the Certificate file, please select it from the drop down and then click on Use Certificate.For my test I am just using the inbuilt Self Signed.
In the example below, a self-signed cert is being used:
Create Virtual Services with TLS Termination
A DualShield server hosts a number of services. Each services service works on a specific port. Below is a list of DualShield services and their port numbers:
| Service Name | Port | Short Name |
|---|---|---|
| Administration | 8070 | |
| Authentication | 8071 | |
| Provision | 8072 | DPS |
| Management Console | 8073 | DMC |
| SSO Service | 8074 | SSO |
| SSO Management | 8075 | |
| Self-Service Console | 8076 | DSS, DSC |
For my example I am In this example, we're going to create a Virtual Service for Ports on ports 8073 and 8074 .Tha for the Administration/Management Console and Single Sign-on Portsservices, respectively.
Navigate to "Virtual Services > View/Modify Services".
Click "Add New" from either in the main menu or within View/Modify Services screen
...
Now specify the Virtual IP address you wish to use, The Port number (In my this example I shall we use Port port 8073) and the Protocal will be TCP
...
Basic Properties set the Service type to HTTP-HTTPS/2-HTTPS (see picture above)
Standard Options set set Mode in Persitance Persistence Options to Source IP (See picture below)
SSL Properties , enable SSL Accelration and check Reencrypt.In the SSL Properties section, enable the SSL Acceleration and Reencrypt option.
In the Certificates section Highlight , highlight the certificate you imported earlier and move it accross across to the box on the right hand box, then click Set Certificates.
Advanced Properties in the section Add HTTP Headers In the Advanced Properties section, select X-Forwarded-For (No Via) From the Add HTTP Headers drop down list
In the Real Servers . Click on teh section, click on the Add New Button
Type the IPv4 Address of the Primary DualShield Server
The Port Port should have autocompleted with the port number you specified when creating the virtual service (see above) If it doesn't please add the port number you are referring to.
...
Click OK on the confirmation message at that appears at the top. Repeat the process to Add add the IP address of the Secodary the Secondary DualShield Server.
The configured Real Servers will appear on the bottom left hand side.
Once completed click on on the Back button. The list of real IP's will appear as below.
...
Repeat the steps above, again to add another Virtual Service tied to another Port.
In my this example I , we have only added Services for ports 8073 and 8074.
...
Modify your DNS entry so that the IP for your DualShield Server's FQDN points to the virtual IP you set up in Kemp Load MasterLoadMaster.