nsx-v Virtualization

Part 14 – VMware NSX Edge Load Balancer SSL Offloading

By Ash Thomas June 25, 2021 #NSX-V

Load balancing allows access to multiple servers using a single VIP address. Load balancer gives an equal distribution of load across the backend servers and also provides higher HA than using a single server.

Blog Series

Installing NSX-V 6.4

NSX-V Firewall Service Composer

Terminologies

VIP – Its a virtual P address plus a port to access the service eg : 192.168.10.5:80
Backend pool – List of servers providing a service eg: webservers

Service Monitor – Health check parameters for a service eg : ping checks
Application Profile – Defines Service behaviour ( eg: Session Persistence )

NSX Load Balancer Layout

Our web servers are defined under the load balancer as per this diagram

We have validated in the previous post our webservers are working via the loadbalancer VIP address

Enable SSL PassThrough and SSL Offloading

SSL Pass-through means the certificate is passed to the backend server and this takes care of the certificate.

SSL Offloading means the load balancer hands all certificate stuff.

Generate a CSR request using this procedure

We have generated a certificate as shown

Go to LoadBalancer > Application Profiles

Chanage Application Profile type to https

On the Client SSLtab, select the certificate we generated

Finally we now need to go to our Virtual Servers and change the protocol to use https instead of http

Change protocol to https

Browse and check if our webUI shows https://UI

Conclusion

In the next post, we will deploy a one-Arm Load balancer

(Visited 1,190 times, 1 visits today)

By Ash Thomas

Ash Thomas is a seasoned IT professional with extensive experience as a technical expert, complemented by a keen interest in blockchain technology.

Leave a Reply Cancel reply

You must be logged in to post a comment.