Any engineer dealing with PCI DSS compliance issues probably looses a little bit of the joy in life .

Now don’t get me wrong, The PCI DSS has a laudable aim and is written quite well and mostly sensibly but like the bible is open to a vast amount of interpretation…

So lets start with the fundemental issue:

Q. Is my load balancer secure?

A. If you have  Firewalled port 22 (SSH) and 9080/9443 (Loadbalancer.org admin ports) then YES IT IS SECURE –  job done, go home.

Read the rest of this entry »

Microsoft print server provides a great way to share printers throughout your organisation, but when the print server service falls over, the phone quickly starts to ring. By adding a load balancer and a second print server configured with the same print queues , you’ll quickly have a load balanced and resillient printing infrastructure for your users.

Read the rest of this entry »

We do quite a bit of work with web proxy vendors, loadbalancing multiple web filters/proxies with one of our appliances and our customers have requested a way of health checking through the proxy when they have NTLM authentication enabled. Always happy to help where we can I have created a script that will retrieve a web page via your proxy (logging in first of course) if it retrieves it successfully then the program exits with a code 0, if it fails it exits with a code 1. Simple!!

Read the rest of this entry »

Lies, Damn Lies, and Benchmarks….

I get quite frustrated with benchmarks because they are very hard to perform properly, and even when you do them properly its very hard to get any useful data from them.
Its all very well knowing that a web server can do 4,000 connections per second, but what we really want to know is something along the lines of:

How many shoppers at my ecommerce site can one web server handle IF:

• 200 users are doing free text searches
• 100 users are in the HTTPS shopping basket
• 500 users are just browsing
• 2 hackers are trying to get in
• & 1 proxy server is spooling 10,000 connections to cache the site

Anyway after getting hassled by yet another customer for a Benchmark on our EC2 VA load balancing appliance I thought I’d take a quick crack at it:

Read the rest of this entry »

As a follow on to my previous blog, its easier to get Apache to log client IP addresses utilizing X-Forwarded-For headers than it is using IIS. By default, the logs do not record source IP addresses for clients but this is very easy to change using the LogFormat directive in the httpd.conf file as explained below.

Read the rest of this entry »

So, you’re using IIS and you want to track your clients by IP address in your IIS logs. Unfortunately, out of the tin, this is simply not possible. The X-Forwarded-For (XFF) HTTP header is an industry standard to find the IP address of a client machine that is connecting to your web server via an HTTP proxy, load balancer etc. that Microsoft IIS does not support. Luckily, various solutions are available to address this limitation, some that cost money and others that have been released as open source. One excellent example that we’ve tested with our products is F5′s X-Forwarded-For ISAPI filter. We’ve tested this with IIS7 although according to F5′s post, it should also support IIS6. It also comes in 32 & 64 bit flavours which is great.

Read the rest of this entry »

OK, Before the flames start let me state the usual caveat, “GSLBs don’t ALWAYS suck, just most of the time”.
Here at Loadbalancer.org we have toyed with the idea of selling a GSLB (as most of our competitors do), it wouldn’t take long… to hack a decent PowerDNS interface onto one of our appliances…
But every time we look at how it would work, we  keep coming back to the fact that it doesn’t work at all (or at least not as the customer would expect).
Let me continue this rant by describing what customers probably want and then move onto what GSLBs actually do… and then suggest some simple alternatives:

Read the rest of this entry »

A couple of our customers have asked if our appliances would do G-Zip compression in the past we haven’t given it much thought. Then out of the blue a company offered us a card to test with http://www.aha.com/ and some of us in the office welcoming the opportunity to meddle with anything new jumped at the chance.

Read the rest of this entry »

Update: Sorry but as of Wednesday 6th Oct 2010, the free lifetime license is no longer available!

OK, so let me begin by saying that I am both excited and slightly scared by our latest product. I’m excited because after playing around with it in the Amazon cloud, I’ve become slightly addicted to launching multiple instances in different parts of the world and load balancing the traffic seamlessly. I’m slightly scared because this could change our whole business model from hardware load balancer vendor to online SAAS (Software As A Service) provider.

So why does the new Loadbalancer.org EC2 ENTERPRISE rock?

Read the rest of this entry »

Just a brief guide on how to enable SNAT in LVS with iptables.

Firstly this is all very bleeding edge and as yet has not made it into the current kernel it should be in 2.6.36 with a new version of iptables released not long after that. But for those of you far to eager to use this already here is what you do. N.B I will also go through the process of enabling it so if your reading this and 2.6.36 is available as is the latest version of iptables you can probably skip the start of this article.
Read the rest of this entry »