Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

ssl cert instillation on two vm behind load balancer level 4

  • 22-05-2014 1:55pm
    #1
    Registered Users, Registered Users 2 Posts: 861 ✭✭✭


    Hi Guys,

    As the catchy title suggests... I am currently looking to install an ssl cert on my two vm's which sit behind a level 4 load balancer. So my question is, should i install the ssl at the end point on vm1 then export the key and import it to end point on vm2. or is it possible to install it on the load balancer therefore negating the need for multiple installs of ssl on vm's and also reducing the risk of down time should I need to add or remove vm's from the cluster?

    Also I hope this is the correct location for post if not Mods please move as required.

    Thanks

    D


Comments

  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    I'm going to leave this open here for a little bit and see if you get a response. if there's nothing I'll move it to the security forum, maybe you'll get some ideas on the best practise side of things from a security standpoint.


  • Registered Users, Registered Users 2 Posts: 861 ✭✭✭ElKavo


    Ok Great thanks, Just thought perhaps someone may know, I guess there is a limit to what the boardsies know.

    Cheers


  • Registered Users, Registered Users 2 Posts: 6 BioAndroid


    Hi ElKavo,

    I think you could implement this in a few different ways.

    You could implement an SSL certificate on the Load Balancer as it is the gateway or entry point for you two VMs that you have behind it.

    I would prefer to implement a cert on both of the load balanced nodes and also the Load Balancer. This would increase security between all nodes in the load balanced group.

    Here is a great document for configuring SSO in a high availability configuration. These two SSO nodes are being load balanced and also the document runs through the implementation of SSL certs also. It's not too long and definitely worth a look.

    evernote.com/l/AOzsmcxnlY1HO6sBteMdA84IqugPC68lYuk/


  • Registered Users, Registered Users 2 Posts: 861 ✭✭✭ElKavo


    BioAndroid wrote: »
    Hi ElKavo,

    I think you could implement this in a few different ways.

    You could implement an SSL certificate on the Load Balancer as it is the gateway or entry point for you two VMs that you have behind it.

    I would prefer to implement a cert on both of the load balanced nodes and also the Load Balancer. This would increase security between all nodes in the load balanced group.

    Here is a great document for configuring SSO in a high availability configuration. These two SSO nodes are being load balanced and also the document runs through the implementation of SSL certs also. It's not too long and definitely worth a look.

    evernote.com/l/AOzsmcxnlY1HO6sBteMdA84IqugPC68lYuk/


    Cheers Bioandroid, I'm well finished with it at this stage. Thanks for the info though. If anyone else is looking to do it your link will prove useful no doubt. But the link isnt active...

    Thanks again, I ultimately went with ssl on all three portions. one on each node and one on load balancer. Then someone went and bought the thing LOL. Ah not to worry...;)


  • Registered Users, Registered Users 2 Posts: 6 BioAndroid


    ElKavo wrote: »
    Cheers Bioandroid, I'm well finished with it at this stage. Thanks for the info though. If anyone else is looking to do it your link will prove useful no doubt. But the link isnt active...

    Thanks again, I ultimately went with ssl on all three portions. one on each node and one on load balancer. Then someone went and bought the thing LOL. Ah not to worry...;)

    No problem, I realised the post date just after I replied :D

    Somebody bought your lab environment?

    Unfortunately I can't post links. I need a certain post count first.

    Run this search into google:
    "VMware_vCenter_Server_5.5_LB_SSO_Technical_Reference.pdf" filetype:pdf

    Also see:
    "VMW-vRealize-Automation-61-Deployment-Guide-HA-Configurations.pdf" filetype:pdf

    It should be the only result.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 861 ✭✭✭ElKavo


    Thanks BioAndroid. I was developing the cloud platform for an ecommerce site. About 2 months after I got it all done it was bought out.

    Cheers


Advertisement