ssl cert instillation on two vm behind load balancer level 4

ElKavo

Hi Guys,

As the catchy title suggests... I am currently looking to install an ssl cert on my two vm's which sit behind a level 4 load balancer. So my question is, should i install the ssl at the end point on vm1 then export the key and import it to end point on vm2. or is it possible to install it on the load balancer therefore negating the need for multiple installs of ssl on vm's and also reducing the risk of down time should I need to add or remove vm's from the cluster?

Also I hope this is the correct location for post if not Mods please move as required.

Thanks

D

LoLth

I'm going to leave this open here for a little bit and see if you get a response. if there's nothing I'll move it to the security forum, maybe you'll get some ideas on the best practise side of things from a security standpoint.

ElKavo

Ok Great thanks, Just thought perhaps someone may know, I guess there is a limit to what the boardsies know.

Cheers

BioAndroid

Hi ElKavo,

I think you could implement this in a few different ways.

You could implement an SSL certificate on the Load Balancer as it is the gateway or entry point for you two VMs that you have behind it.

I would prefer to implement a cert on both of the load balanced nodes and also the Load Balancer. This would increase security between all nodes in the load balanced group.

Here is a great document for configuring SSO in a high availability configuration. These two SSO nodes are being load balanced and also the document runs through the implementation of SSL certs also. It's not too long and definitely worth a look.

evernote.com/l/AOzsmcxnlY1HO6sBteMdA84IqugPC68lYuk/

ElKavo

BioAndroid wrote: »

Hi ElKavo,

I think you could implement this in a few different ways.

You could implement an SSL certificate on the Load Balancer as it is the gateway or entry point for you two VMs that you have behind it.

I would prefer to implement a cert on both of the load balanced nodes and also the Load Balancer. This would increase security between all nodes in the load balanced group.

Here is a great document for configuring SSO in a high availability configuration. These two SSO nodes are being load balanced and also the document runs through the implementation of SSL certs also. It's not too long and definitely worth a look.

evernote.com/l/AOzsmcxnlY1HO6sBteMdA84IqugPC68lYuk/

Cheers Bioandroid, I'm well finished with it at this stage. Thanks for the info though. If anyone else is looking to do it your link will prove useful no doubt. But the link isnt active...

Thanks again, I ultimately went with ssl on all three portions. one on each node and one on load balancer. Then someone went and bought the thing LOL. Ah not to worry...;)

BioAndroid

ElKavo wrote: »

Cheers Bioandroid, I'm well finished with it at this stage. Thanks for the info though. If anyone else is looking to do it your link will prove useful no doubt. But the link isnt active...

Thanks again, I ultimately went with ssl on all three portions. one on each node and one on load balancer. Then someone went and bought the thing LOL. Ah not to worry...;)

No problem, I realised the post date just after I replied

Somebody bought your lab environment?

Unfortunately I can't post links. I need a certain post count first.

Run this search into google:
"VMware_vCenter_Server_5.5_LB_SSO_Technical_Reference.pdf" filetype:pdf

Also see:
"VMW-vRealize-Automation-61-Deployment-Guide-HA-Configurations.pdf" filetype:pdf

It should be the only result.

ElKavo

Thanks BioAndroid. I was developing the cloud platform for an ecommerce site. About 2 months after I got it all done it was bought out.

Cheers