Part 14 – VMware NSX Edge Load Balancer SSL Offloading

Loading

Load balancing allows access to multiple servers using a single VIP address. Load balancer gives an equal distribution of load across the backend servers and also provides higher HA than using a single server.

Blog Series

Terminologies

  • VIP – Its a virtual P address plus a port to access the service eg : 192.168.10.5:80
  • Backend pool – List of servers providing a service eg: webservers
  • Service Monitor – Health check parameters for a service eg : ping checks
  • Application Profile – Defines Service behaviour ( eg: Session Persistence )

NSX Load Balancer Layout

Our web servers are defined under the load balancer as per this diagram

We have validated in the previous post our webservers are working via the loadbalancer VIP address

Enable SSL PassThrough and SSL Offloading

SSL Pass-through means the certificate is passed to the backend server and this takes care of the certificate.

SSL Offloading means the load balancer hands all certificate stuff.

Generate a CSR request using this procedure

We have generated a certificate as shown

Go to LoadBalancer > Application Profiles

Chanage Application Profile type to https

On the Client SSLtab, select the certificate we generated

Finally we now need to go to our Virtual Servers and change the protocol to use https instead of http

Change protocol to https

Browse and check if our webUI shows https://UI

Conclusion

In the next post, we will deploy a one-Arm Load balancer

(Visited 1,193 times, 1 visits today)

By Ash Thomas

Ash Thomas is a seasoned IT professional with extensive experience as a technical expert, complemented by a keen interest in blockchain technology.

Leave a Reply